Analysis
-
max time kernel
145s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
03/05/2024, 14:00
General
-
Target
https://www.comgas.com.br/media/v5rcbgbv/numeros-comgas-bg-3.jpg
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.comgas.com.br/media/v5rcbgbv/numeros-comgas-bg-3.jpg1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefc9446f8,0x7ffefc944708,0x7ffefc9447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2443128593108927779,9573380373088266869,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2443128593108927779,9573380373088266869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2443128593108927779,9573380373088266869,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2443128593108927779,9573380373088266869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2443128593108927779,9573380373088266869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2443128593108927779,9573380373088266869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2443128593108927779,9573380373088266869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2443128593108927779,9573380373088266869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2443128593108927779,9573380373088266869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2443128593108927779,9573380373088266869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2443128593108927779,9573380373088266869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2443128593108927779,9573380373088266869,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2932 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
-
C:\Windows\system32\NETSTAT.EXEnetstat2⤵
- Gathers network information
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD52a70f1bd4da893a67660d6432970788d
SHA1ddf4047e0d468f56ea0c0d8ff078a86a0bb62873
SHA256c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561
SHA51226b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343
-
Filesize
152B
MD5fbe1ce4d182aaffb80de94263be1dd35
SHA1bc6c9827aa35a136a7d79be9e606ff359e2ac3ea
SHA2560021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51
SHA5123fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f
-
Filesize
6KB
MD5def108beac8a5a9eb15e9460f9ce59d5
SHA18f7bc3cb4c3d6e1d8fd91117c070b5c9c7a4fc5f
SHA256ff9c1298b88fa378991002d78d9445735121e196aaa73bcaa99df1132db45dd4
SHA51247173ed989f0230a2c744ef53587edb49d5976b3237dcf654f5b3dea9317fcc7061a39aa2f355e5f0e0c5ba88434a93616b2db48d37aeff173413a893621eb9c
-
Filesize
185B
MD53b37c95b9ce402492f739462f05f5e4d
SHA168c46830d09fe5e0b6218c1158b5c155619f7801
SHA2569d0c7111c12c619637065e326583c340c91e8dfdd8911b2a5798ba36f5925c9e
SHA512b49d3ad0d60bb281ecfcab32a59fc2fa923cfd6406ca87cb7011352390f3e492817bde338f9612e69526908d3883c7c52a52ab399cf64edc1a9feb0a0b4d45c5
-
Filesize
6KB
MD55e902ff7d17d8bb153eb888378efc219
SHA10529b470c2c095269e75ccc37575e157de15e4cb
SHA2567d8c0bfc957be7be507bf63ef1a341f3f23278b069a7caca480f8046a9cf4475
SHA5129e2c834e51729a7e9a040728d25f46769a1f65d178beba54a53dddc961ec2ae0adb24eb72a3849f7471db728f838e5f285700710d7c5ba88ebe9e24a6e7f5ead
-
Filesize
5KB
MD5d0d077117602028e73f3dc50d5f646b5
SHA1200256d3a54c8b1719c7cd35ebf772d444abcd6d
SHA256f68699df31fe2015e02f8d6107a8fb143938d8edfe3cebaa8ced25488e24135c
SHA512862482bf91e51454bbde10af6dd53981379839a245059ec4f414a03485aa0091606dd38f58ed4f1eb37563dc19ef50518a7d18dac0470efe71b7c2c556077a89
-
Filesize
6KB
MD597a491bb802c5706c7b57557b5acb558
SHA19e227b360effb1262dda7036ce6e545e0da75a27
SHA256714c5191d1b11ec952ea00c26ba78e887d48bd043c86d2600609f544cd7553eb
SHA5129f9fe690e43187747996ce661a311e0ae47ff47202fcf6e43d39added2eda81422c7edfc2922c3bae0ddeb8c378f6c536952ac6b907d6ba3a7b211855e92ed3f
-
Filesize
204B
MD55529894fa0097c2c70325453dcc21545
SHA1f044ad7b580202e5c72b8eda50952da7310ce888
SHA2566d44d00cea3264a08a1869bac2b51fae8618c7378bb62fc4b694221c30301f94
SHA5121a85741d3d87dfefd9f325549e2b34d1296b000cd24b97090de71b1df762e7ab24828dd82a94bb02c96635598cd55bf51b609442e4d6d1422e1e20efb26107ac
-
Filesize
204B
MD5123e783c1888a51af454dabf983d7476
SHA1f8e40a2d41db905c52bb68abdff7f287357ee957
SHA2566912720acdaf18f0e0a078ff5437c67f88270918d9da3819160df4625357f546
SHA5127ed04ba9c690510bfe05d7dba9f91026b75e1afcee63fec4ae9f7df0899b02b6ee56d3b77b01c8e0227c622f00c32bdb04559915db37eec645d67825c7f5fe7d
-
Filesize
204B
MD510407e3bdb14f19aa0f77194a041dc6a
SHA14c46b7dc2aae2d0cb36a0fed7b78bee7082babbc
SHA256ee48ffa4ea1998fa162f916e5502063b08dccbb6621616c16e29deec06212563
SHA5122aee53f403c3ef08f59923ebba5d8872fd09532e8a69b6c18ed00218df352c439e10893dffc679c6afa124e17917b8c7623e5c3d7d30db144dee468eeab48484
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD55effa341aea3d9af52fa8ecbd6b78dd9
SHA19479d657ba7afca0db19f5c079e1f9242bc402be
SHA2561a4edc583532119afdb27cdb57d9f02b79818232fa5632ea30b9d17369a48276
SHA5122b6b03ea0a6affa91819f79c423d4274065ee8ccd92cfe53e2e8c8c2d3b5bef03cffba12e56fe90bc8d5ba6fc5c92218ee407f827ef336f2161a3d0e379804a4
-
Filesize
11KB
MD550c1cee2186020cd81ec27f8027d674c
SHA1d57cd8fe0743cc3862049c61fbb6aa3e6427e7c7
SHA25621828a9178cfcda89e8fe9a6318bd35a5181b8943b27d36b80a99425f0aa199e
SHA5120f9dc42aaa31d2667c84ceb07d16ca77a9bc21442edb5753243b44251560d91fe4203a146391e09f32273650c88dcaaa782a805b638422d3cb880d80e4917ac6
-
Filesize
11KB
MD5ba737dad4b090e5580772a7519c70bf8
SHA106e448649cce34e48f6be3a5e8d89b6a630c1ede
SHA25648ae19f0049252d70512fa3b51d802276ac9f47fd69126cf9fd3c3ea4282bfab
SHA512a43c88b8e248d13ac5a7f2bfbb88c20412f8b16b163c6336f2a3410ead5204a407f2ef3471979a5a7597abed2ff54924eb12939fce457f8e90420d19f958944b