Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://qptr.ru/hVVV

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-04-2024 14:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://qptr.ru/hVVV

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 59 IoCs
  • Suspicious use of SendNotifyMessage 56 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qptr.ru/hVVV
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4776
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c26046f8,0x7ff8c2604708,0x7ff8c2604718
      2⤵
        PID:2656
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        2⤵
          PID:388
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1380
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
          2⤵
            PID:4088
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:748
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
              2⤵
                PID:2924
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
                2⤵
                  PID:2232
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
                  2⤵
                    PID:4348
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4600
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
                    2⤵
                      PID:2820
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
                      2⤵
                        PID:4420
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
                        2⤵
                          PID:5320
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                          2⤵
                            PID:5328
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2212 /prefetch:8
                            2⤵
                              PID:608
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
                              2⤵
                                PID:5112
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6334699671789326569,14738295357431218691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
                                2⤵
                                  PID:5248
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2912
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:764

                                  Network

                                  MITRE ATT&CK Matrix ATT&CK v13

                                  Initial Access

                                  Execution

                                  Persistence

                                  Privilege Escalation

                                  Defense Evasion

                                  Credential Access

                                  Discovery

                                  Query Registry

                                  1
                                  T1012

                                  System Information Discovery

                                  1
                                  T1082

                                  Lateral Movement

                                  Collection

                                  Exfiltration

                                  Command and Control

                                  Impact

                                  Resource Development

                                  Reconnaissance

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    7b56675b54840d86d49bde5a1ff8af6a

                                    SHA1

                                    fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

                                    SHA256

                                    86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

                                    SHA512

                                    11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    48cff1baabb24706967de3b0d6869906

                                    SHA1

                                    b0cd54f587cd4c88e60556347930cb76991e6734

                                    SHA256

                                    f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

                                    SHA512

                                    fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
                                    Filesize

                                    34KB

                                    MD5

                                    0dbfe8a3cd651d41cc87ba5ff6036222

                                    SHA1

                                    f0d655b6f74700bdd5e7ab110687ca2fd46295a4

                                    SHA256

                                    44707f450147135e6bc41f9f48fac14315dcdaf6484b54bd3337ded6867ee486

                                    SHA512

                                    20a0b78b73d0ccabb7585aeda32a27047a26cee34fec0527520da37f8c7b95395a3a7c06050242605e8a945f134631003d8efa51c3b5a235e9ded609e7999a2e

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    408B

                                    MD5

                                    b48c74420cddb55c4eb81d6adddecab0

                                    SHA1

                                    fe17b40ec452252e14a983299d48d155e47db1a9

                                    SHA256

                                    bd7a75699bc25e84221a7764d569965ad0f5d1945f8f96c08f7a8dcf6b86e3cb

                                    SHA512

                                    8ce5a67497373f01c17ae3658810e0e4f6489cede7ee69483ac01e84d43f2be5ec3af8b8912d34e4bd891427a746ab0daa23bb7a6be353d2f821eb2ace45a6ca

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    384B

                                    MD5

                                    bc0abff688a7ab5331bfb4faf39bf449

                                    SHA1

                                    30fdee877ceba21c9bfe7d21cb89cd57778edfb6

                                    SHA256

                                    700e0949f4107d84642280d4f391bf50229a906ff10d1270c25ff6d748f6f28a

                                    SHA512

                                    04d06db67a5aef44861a208c2cb5d496de746d35b7e90374c4d32aae643613ed94dd6da5701e0e86071709b72bd7118be755ecf15ada6569c695e4893b32b5a1

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    1014B

                                    MD5

                                    14b0e8b0b472e88d98d789d7eab2ab23

                                    SHA1

                                    ea9cddbbb736c43bbd5fcdd936b9791bddc0f711

                                    SHA256

                                    021f72a2bf7edb7581849f61fb1499afff9992432fd4ff1634f420f50b769023

                                    SHA512

                                    a6108aae1b1422cb4991b26b7249325d68857c28f594471f160c8ca3e77f114849dd8c0e43be13ea8278ac0451880244d7587f15b7f4ea38af3a1f364ec443d8

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    1KB

                                    MD5

                                    fcddd4047697787b262babe7111b5c7c

                                    SHA1

                                    72033ac5ee0d685b9e03868b301e873800f84830

                                    SHA256

                                    98fe4473cfdbc6e23e40a9dd93f1b6dddddf633655e1e9a3502f984192d7fc19

                                    SHA512

                                    f4be24f875709b2d520fccf5d3f735b2f4ecfb251d313d5112241afff4c1252f2616466ad86c266217c68ec412f040b26724d17c7bd08d447ef3d94d493076a0

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    a370ac5f42cb9dfd130e39648b4a4c40

                                    SHA1

                                    63476deee36a5d15f61faa802f5adb5ca5170386

                                    SHA256

                                    aaeaede6be6cad68dc0a0fe33972c506baeeaad3c96ea0d451af89827ef59c3e

                                    SHA512

                                    d15b0b7d74ed766157c3261710b16da25a0befd4913ed6b55a5165e874982224b50dc8613bd2e89101de035f3fa26e6d8ba5e9c5cf9e078c33e461f906a62c08

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    d2e46674562d6a200faaac1edaa9e529

                                    SHA1

                                    0ee508350a46671d5552f83ccddbb7b60a521760

                                    SHA256

                                    ffdb5af43b079b48c44610372454b91dc07e89f1fb7a62afb938baf4c1dc12a7

                                    SHA512

                                    f2acf34c3c338e8e2033c0663cb70642ca918b9eae49b5db2bfe061b1dfa42fcb323f8751c797d9c96bd207cab86651f5150baaa46f9ef3df53bb644fe3bd361

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    7da4a94f5b17f47e03cf9dff8cc0155c

                                    SHA1

                                    698d5c52a3b1e40c53cee77ed1ec7be4956fd1be

                                    SHA256

                                    733b92c679fc816f6c9239204550ef186917cbd703fd645a93c777d71f44e750

                                    SHA512

                                    2a73bd942712712f8c48028bbd4fc850d51c120f8397caf2e12ca3fe9171877e85c120f82db669d8bc2abf315ee3f084f6adb413a31295d8560617961bad3750

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    9aba4e83d9761db7c4f7ad68aea23cf3

                                    SHA1

                                    9969b39c318c5fcbae3754ac2cf8693b149632ad

                                    SHA256

                                    0cb5d84fd5616205bc1289c37fcdba4db7e626c62ff2ca0e2094b17723e3f31c

                                    SHA512

                                    3de2ac52da721bab10b84a736d5d174aa0051446816c26b0ad182a116a6f11ff1e97e8a8a4b046d34db602f8b331bf9648d5214b88f5a726e9a247501a58a4e7

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    117cac7374cce66f3c55db9b29254c41

                                    SHA1

                                    ec32bc2955a2f8a630d76dd186fedc3e496a7732

                                    SHA256

                                    157d05d563c2015655086b8bcbda0d150d041cf3feb3a8c6d2b51c78da40bce9

                                    SHA512

                                    859c11cc5497777edd8b7db9751ffe0b5225a9dd63dde00d9a2f63defdfced611b8a7cf00b9cb3695e7f9881ad29db58bfb814ceb4cbd4457647aad2a44a6375

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    6c41655ff994f16ef18b86524185e9c4

                                    SHA1

                                    4f2b46aaf9d372264a84ecb96ddeac06b7b46ce7

                                    SHA256

                                    a3db5cc95c468309c281560d70bafe964e1828b3e45e78dbcd152ae05e685065

                                    SHA512

                                    626d6b4a893cd4fb5f5b69243c1d98ee80262472ac6b213661b1c853d8e12ca0990ed63e9d51bf040af59beb1a4a06bd6a3aa11e4510bb46ac364ddc8f97c4b7

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    0023c032ad60defb68ddb4c37837ff7d

                                    SHA1

                                    346dcb1853a0f07f010ae409dc9e1f3fe568034a

                                    SHA256

                                    aeeff7588e2d1c9c8a6bd56d7dcc07908d357636d9b99fd1320fa81f848ca2ae

                                    SHA512

                                    ad8e111262cac8591c314e5271cd03ba3dad7eba3ad6a1d371c1bc69ab0e815878bb8988246fccbddc1ee40cf992c11fa33f20231492f5b5c768e26711ba981e

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    12KB

                                    MD5

                                    92898f220f9d71697606d2f0cac3f860

                                    SHA1

                                    d85e5be215a0c366a55cfdc3a8f237bc59f58a44

                                    SHA256

                                    ead2c2724e235da4f5ae4a189ced6b9ebb673b67880dfe1a38dd55ea56590ae5

                                    SHA512

                                    836112e3c158d6ca226954ebe14688015cfe1958a41caad50cbd1c68905854042dab253b6c3fc0772052203c5b391af6c9d30f8c6fd10adbbe25e42e49cbad3d

                                    Download Submit
                                  • \??\pipe\LOCAL\crashpad_4776_NIQPOYQVMNOJIDKK
                                    MD5

                                    d41d8cd98f00b204e9800998ecf8427e

                                    SHA1

                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                    SHA256

                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                    SHA512

                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    Download Submit