Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-05-2024 06:27

General

  • Target

    https://unswscholarship.godaddysites.com/

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://unswscholarship.godaddysites.com/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae23946f8,0x7ffae2394708,0x7ffae2394718
      2⤵
        PID:5016
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,1203521252764679054,7663959487215716087,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
        2⤵
          PID:1224
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,1203521252764679054,7663959487215716087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1220
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,1203521252764679054,7663959487215716087,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
          2⤵
            PID:4488
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1203521252764679054,7663959487215716087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
            2⤵
              PID:1668
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1203521252764679054,7663959487215716087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
              2⤵
                PID:5176
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,1203521252764679054,7663959487215716087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
                2⤵
                  PID:6016
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,1203521252764679054,7663959487215716087,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:732
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1203521252764679054,7663959487215716087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
                  2⤵
                    PID:6056
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1203521252764679054,7663959487215716087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                    2⤵
                      PID:1092
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1203521252764679054,7663959487215716087,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
                      2⤵
                        PID:664
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1203521252764679054,7663959487215716087,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
                        2⤵
                          PID:5756
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,1203521252764679054,7663959487215716087,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2936 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:5144
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2044
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:5968

Network

MITRE ATT&CK Enterprise v15

Downloads
