Resubmissions
Analysis
-
max time kernel
48s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
16-05-2024 22:25
General
-
Target
https://2p6i4zkq.r.eu-central-1.awstrack.me/L0/https:%2F%2Fw-si.link%2Fle8dxhDXWgEFf8g6N%2FY2hyaXN0aW5lLmRydW1tb25kQG1lbGJvdXJuZS52aWMuZ292LmF1/1/0107018f74f17e1f-de18b007-5b8d-49cc-9b91-d6b67baa96c7-000000/-jDFgDAr6ayBHG0voHJXpqJmdA0=154
Malware Config
Signatures
-
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of FindShellTrayWindow 33 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://2p6i4zkq.r.eu-central-1.awstrack.me/L0/https:%2F%2Fw-si.link%2Fle8dxhDXWgEFf8g6N%2FY2hyaXN0aW5lLmRydW1tb25kQG1lbGJvdXJuZS52aWMuZ292LmF1/1/0107018f74f17e1f-de18b007-5b8d-49cc-9b91-d6b67baa96c7-000000/-jDFgDAr6ayBHG0voHJXpqJmdA0=1541⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff942d846f8,0x7ff942d84708,0x7ff942d847182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2600 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5632 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6600 /prefetch:62⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,14985830349448576422,5988750810690273369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD51ac52e2503cc26baee4322f02f5b8d9c
SHA138e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA5127670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
-
Filesize
152B
MD5b2a1398f937474c51a48b347387ee36a
SHA1922a8567f09e68a04233e84e5919043034635949
SHA2562dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA5124a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c
-
Filesize
204KB
MD541785febb3bce5997812ab812909e7db
SHA1c2dae6cfbf5e28bb34562db75601fadd1f67eacb
SHA256696a298fa617f26115168d70442c29f2d854f595497ea2034124a7e27b036483
SHA512b82cfd843b13487c79dc5c7f07c84a236cf2065d69c9e0a79d36ac1afc78fa04fba30c31903f48d1d2d44f17fb951002e90fb4e92b9eae7677dbb6f023e68919
-
Filesize
504B
MD57e7f5b0fc1079164a25f2b6d43ff5bbf
SHA1d122aa9fd85538b3bdd4b16e6331a576e59a288f
SHA256ff23025d178d9dffda352f4ebf85cf20dc3574e5d7521a9a2476ce184dc9a41e
SHA512616df3718b512b484fd70e0f5efe016e516f6e70fbb2f8042072ef57710fc06ea30fcac2b3fd8a098af7b0d18c3b15c5d918ebc422c811206b7554d387adde29
-
Filesize
7KB
MD5c3cba7088f8c134e439fde5548932e53
SHA1ff96ff7bacaca0525761a22961070a41edfab0af
SHA256e827dde766efefba8d7c21fbdd13f93b1be66481c1b376ac72752a48b3fc8b16
SHA5122c43e09b5ad66535740b9dc046e5bb17a77559365722dc880ea505b4af2675c294d1e8716d63e6b91b921cc605ca048272c2d7765244e36cdee142e82b927e06
-
Filesize
5KB
MD50279a207216b598ef0dd747006fe1124
SHA177e3c2cafe01879395d8f5d1fdfc0f55fc582308
SHA25656439826e5ec1e281bbcb1b40c3a0dee6bb416cf707d91a7c4a08fac8a8c3ddb
SHA512a59dc425ac1cb71983680af0d768eefcd02d9080713a6f07d7061c4bb948cb673b71a29e766b5fa7fa83a3e78d50bee123707ffcf7d41c5b1b1fb909db5d694a
-
Filesize
7KB
MD57930e31eee14e8bbbf1e3e86de490fea
SHA166f9260533a12446cae2079cfcdd60e35f42189d
SHA256c3dc407b8a794a82e3dbf45b33f722e190f2011ba0750f5752356a2d4957ffd9
SHA51211feacf175419fc929cc5479a925752a2992e06df441292f0b318dba4003d05082581c202989a4efbdbe8de4a8eb4de761bed80cba24fbd9b124e8b637f82303
-
Filesize
7KB
MD526f54839d4fef1058ab8ec9a349f49f9
SHA18109a377a69e36c24ae03a4576cce1b639b47fcb
SHA256a843f0c32442900f707cfcf7400bd2e51067927e96e4b3cadb8d6dbbf72fad2b
SHA5125f156299a5e2cbe2cf09aa10a2e7c017235b637250bb90b45338962e32bee63949c8dbc512f9bc83985e45987eabef74b7485620e5fec7b0b4d287608e9120f1
-
Filesize
2KB
MD5b5c0447eca7f435466a7eeae53a6402c
SHA14539bc2f4d2f09c68ad32a4d413b60f13d802a48
SHA2567d5064cadb54290c4d0301e36e7400333d4cc050da7aad64784ef2e5fbde9f97
SHA512ba89e000d340425eb5976dc75263f2b5473afd8f606638a6f95ce073b640712016509aa05a262e143af52a88dda356dd03681e2f5db866d2e65c4c7876cd18a5
-
Filesize
1KB
MD5f3f24a36d5c729fbdcfc860d474d8345
SHA17688fe12b83ac52193c2344a56d8e2d99170135f
SHA2563b3501a24d7ef8cb444b6648ecabaada38595056535a9098b2704403ef01347b
SHA5122c11edd842e944e7f05282fc9728290b5228a42433030a41a6709676c049da7500fd2f5e3d32b009ad5cc97dca474101e4caf80e07ebbf4dee443fa910e01668
-
Filesize
1KB
MD5bc5f08b806db9100cdffa8002263c91d
SHA174b1706cd8fd950e8f306b21c98dd4c8a9df9db3
SHA2562514932d503c45b489dd858b3e49abcc9a176b2b39a5be954f393da68e86e6c6
SHA512ab3d0713bd5a2f73badfe4e10bfadeb162644ac1218e512cdff471121b7011365df987f2c5c564aea4e503176e6bf02f764d8ad0c059ec05bab183afbe4d27dd
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5d8cbdd3dfdf8d080aef962617f1322d0
SHA1032dbacad8cd42623c2cceab9ade495530d2d287
SHA256cad8c6a97a581720440813d2f4205f655437541bded52f69a03ae6511dd7fd05
SHA512a794804213fabb443e666fbb9a359709c49f2a7ad0a274e6588adcdf11759e3309f05b623acf56ebe954eed836fb7012c115841c420224bf777625e3df3109cb
-
Filesize
534KB
MD51fae0d7d1f5646bd4642ecae0c1482c4
SHA1092f83d223be08fb3249319ef240de31da9a92f8
SHA256d2db64e51033d6633bba0fc410a4688b62f0793613fd5d6daa2e97125d474006
SHA512aedb9bc4f3c40dabf0707ca0fec1d0134961d5ffd75d076a82bb629eb8eb869042debaa8aefc216d8281e3bee4b8c0de4f551a4c65370b612abeaf21a19ddc49