Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://bitly.cx/oQ9k

windows11-21h2-x64

1

Analysis

  • max time kernel
    70s
  • max time network
    73s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    04-05-2024 09:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://bitly.cx/oQ9k

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 31 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bitly.cx/oQ9k
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3260
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffee7483cb8,0x7ffee7483cc8,0x7ffee7483cd8
      2⤵
        PID:3008
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
        2⤵
          PID:1316
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1920
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
          2⤵
            PID:2884
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
            2⤵
              PID:2000
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
              2⤵
                PID:1324
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
                2⤵
                  PID:3400
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2356
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
                  2⤵
                    PID:572
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
                    2⤵
                      PID:4464
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
                      2⤵
                        PID:3720
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                        2⤵
                          PID:4976
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3552
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5616 /prefetch:8
                          2⤵
                            PID:4548
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
                            2⤵
                              PID:4152
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
                              2⤵
                                PID:1596
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,15117347161155671530,16612224401318621884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
                                2⤵
                                  PID:4176
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3144
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:328

                                  Network

                                  MITRE ATT&CK Matrix ATT&CK v13

                                  Initial Access

                                  Execution

                                  Persistence

                                  Privilege Escalation

                                  Defense Evasion

                                  Credential Access

                                  Discovery

                                  Query Registry

                                  1
                                  T1012

                                  System Information Discovery

                                  1
                                  T1082

                                  Lateral Movement

                                  Collection

                                  Exfiltration

                                  Command and Control

                                  Impact

                                  Resource Development

                                  Reconnaissance

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    ade01a8cdbbf61f66497f88012a684d1

                                    SHA1

                                    9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

                                    SHA256

                                    f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

                                    SHA512

                                    fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    d0f84c55517d34a91f12cccf1d3af583

                                    SHA1

                                    52bd01e6ab1037d31106f8bf6e2552617c201cea

                                    SHA256

                                    9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

                                    SHA512

                                    94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    576B

                                    MD5

                                    afc146984f0aaa30b12111417e450e04

                                    SHA1

                                    0e9ee44ae6363ca1d8cce23cd4b2e341919f8ef0

                                    SHA256

                                    fe32c32b580e12dab98530baaf5ba0da7aedd2e346ce88f6b81d4b962bc9641e

                                    SHA512

                                    6118e01d560043a815f9d648d8c975c3dbca86c3a3e857b73cefbdf2a04e8f7e865d3978893ea7230e12732e2404b52a32e34da117ad77c34650d8d56be25986

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    552B

                                    MD5

                                    d9a631dd58fb1d670a9a06b785d00720

                                    SHA1

                                    cc86a0098e277d75c64ec4ac8af875849fa97134

                                    SHA256

                                    da7d79a00a970072bc035c652ee898fe494a19c6c8cc6efe5d84e71b01e6b18e

                                    SHA512

                                    fe2ea81344974fec1da90d8ef4ca8090e24ffaaff9894382f2c581eebb6132b4f014975921c23b059ae5ffae8a320a7a27237de34790a127da0de402d189767d

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    1KB

                                    MD5

                                    19b5c7c15cf7a6eb220104115c8a4ae7

                                    SHA1

                                    6ccc6df6d0c96b747e0ff21b616b23cb8ca68edf

                                    SHA256

                                    c5f74bfa0e41125bdab6fcf2af4fc45f8c0b9fc367f0e4828e05d79caa345aaf

                                    SHA512

                                    676dc26f5079b53bddab5b14da2eb007e107797ee2deec314e819c9421f76bd55b1a065783ec980e60580fa50dd1558392190d433a5b7622e11ca16dc0a8b4c5

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    c49b84c5b2de91ee7beed2add16dd735

                                    SHA1

                                    a84368fb9d71211ae381b17a6066eb615ac443c6

                                    SHA256

                                    dba7a5462b1e70a0d21a13aad826e4779e86f4690bfc04b2f7cd8e8d1481c042

                                    SHA512

                                    fa582b3404d044a5bb818477acbe35a4cadce6421eb37dd0f9efce5691a2952afa0bac0b9489c50202cddbb1ea89514c3ddae8a2a96e0ffdb0fab411441ca3e0

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    d4b4ad73b71b2cce9c2998c7bc379a48

                                    SHA1

                                    bd5ac2b895680c886e004a7e1636fceb1ee9dd2d

                                    SHA256

                                    f7bdd79674323ac1828f85b01855ce588c0ea955bd887cb9c0cc764eae8d321a

                                    SHA512

                                    712695dc635fbfaaa49914f56a1b31ea89faa8c922646bfef84fa43c2feddebcc688437e1b3b2159ea8f2eb80d72e880d956cf5198fe99d7d25f3bfe77fc4f11

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    9KB

                                    MD5

                                    1a22e79c07cf5fa00db6a1742ef9c734

                                    SHA1

                                    e37cde4585b870b7f5c83dce5f262bc020be47ed

                                    SHA256

                                    4578ff56d9589f6602da9ef3fa3192b5801045f060d856ed32022f3ebb7eb4f3

                                    SHA512

                                    c58d3f7006b95ea6e45e119dc0d63a430accc7a7f35b804d7f59a685fe9b982eda983a51b4be84e3758eee90d843734e4f28063d2011dbc0f2e3bfc3893dd641

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    b81280e7534291d6acded64c01823376

                                    SHA1

                                    6e93ec695a47568c60f0cd5cc11a60612dac662b

                                    SHA256

                                    0d36587b559fbc25db37dab5bd3ad2baf6772070f461ff0f80259388935cf675

                                    SHA512

                                    c6ec486868fd43c3804522de5dae76c590cae748e6507897ef0cad307bd9eeb27061033d2f46c1849df88b51a3b16b096d87ec409ea098924dd6366d20aaab20

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    9KB

                                    MD5

                                    8451d7d913cb9c75bb8044bfbdd2e11a

                                    SHA1

                                    27eda70291c4025f975b12f1ea4308feca7d0a07

                                    SHA256

                                    aaa4d74606905d66bc89e451290c0b59e0966358a007986743f48283b91c1919

                                    SHA512

                                    83dd6fde83022f5eb04c8931b94bbe22654c6782ae9b9816555d4362703e5fe42dfe3e3738fed225ef65578d014b1d8ac3ba22712b1f4a0dc4130db0f4125944

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    9KB

                                    MD5

                                    2a13fcdce5aa71744fc9eea99faf579f

                                    SHA1

                                    43db4b404a9b55d72305dadb8f0379c41d04f322

                                    SHA256

                                    b2575d931b05325180019fd2a44e9db9b55bfb70dc5cb907e004c2cd7762d227

                                    SHA512

                                    3099aa7423f30f356127a396974cb4147d9812824c07a2016a8ec28c5cad1427e90e7314825a8cbf5f6939b970f8b895d149d2948930be65a2509acaeefac149

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    46295cac801e5d4857d09837238a6394

                                    SHA1

                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                    SHA256

                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                    SHA512

                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    206702161f94c5cd39fadd03f4014d98

                                    SHA1

                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                    SHA256

                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                    SHA512

                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    0390e61505f67f4d581a8222a22fce3f

                                    SHA1

                                    67522f2e021b355116cec9cb1d1abdf8cf9b3288

                                    SHA256

                                    af1e8d538811df28420ee91cada1ac640f0801e67238594715f08a4429a58217

                                    SHA512

                                    dd82737b6c40bce20ee90f78e0e4e0583fd2ad20fbe9a357ff496da650619d6a963da43aea88dc05c8d67a3183e7b569e150535ff4cbb47d9966a0b3df4132d6

                                    Download Submit
                                  • \??\pipe\LOCAL\crashpad_3260_RZUUOPCQWTCLKPNZ
                                    MD5

                                    d41d8cd98f00b204e9800998ecf8427e

                                    SHA1

                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                    SHA256

                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                    SHA512

                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    Download Submit