Overview

overview

1

Static

static

1

URLScan

urlscan

https://www.youtube....

windows10-2004-x64

1

Resubmissions

18/05/2024, 12:07

240518-pakhksag5s 7

18/05/2024, 12:06

240518-n9779aag49 1

08/05/2024, 16:00

240508-tfqn1acd6x 7

08/05/2024, 15:53

240508-tbvr6acb5w 7

Analysis

  • max time kernel
    13s
  • max time network
    15s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/05/2024, 12:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.youtube.com/@Endermanch

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@Endermanch
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0xdc,0x7ffbe6c446f8,0x7ffbe6c44708,0x7ffbe6c44718
      2⤵
        PID:2068
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16980436964964087102,14048100875832515595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
        2⤵
          PID:1704
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,16980436964964087102,14048100875832515595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3548
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,16980436964964087102,14048100875832515595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 /prefetch:8
          2⤵
            PID:720
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16980436964964087102,14048100875832515595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
            2⤵
              PID:776
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16980436964964087102,14048100875832515595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
              2⤵
                PID:4564
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16980436964964087102,14048100875832515595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
                2⤵
                  PID:396
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:1960
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:3224

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    1ac52e2503cc26baee4322f02f5b8d9c

                    SHA1

                    38e0cee911f5f2a24888a64780ffdf6fa72207c8

                    SHA256

                    f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

                    SHA512

                    7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize

                    152B

                    MD5

                    b2a1398f937474c51a48b347387ee36a

                    SHA1

                    922a8567f09e68a04233e84e5919043034635949

                    SHA256

                    2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

                    SHA512

                    4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    6KB

                    MD5

                    d6c780b00a70ccaf0060c00803602075

                    SHA1

                    c4e8cfe8eba808843d2db77ca9ed38a465c1f3ad

                    SHA256

                    7a05d1e8dc4ef5a143d8ccfbd37957caa7fa27bcf321be61adea10ec97756207

                    SHA512

                    d840a721785db5b992c503ed2b3f61974b5ec1d5be1afb1793235b5601d885b7338911e3a092fb31291644fc9acd6b8ce953a0dab28141834268060e1b91699e

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize

                    6KB

                    MD5

                    93f4f8350c6bd899bc87abdc48178bf4

                    SHA1

                    7adbb35ed7dd1874e95017f67b4facb50b7720d7

                    SHA256

                    c9e8686e2ea31bdaff8e406c70fd803324ba2c3ee1279f39e250b49a99b482c7

                    SHA512

                    ee09d81fad6722806e410522a89e2af4c774838678310bba82df7ccb098b294820b71689fe7e4ae9e9cf4c0822021159b08d8e93dcc006fff685ee84c61703c9

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                    Filesize

                    11KB

                    MD5

                    78f8a59fc89f8021e3a329d3a6868a57

                    SHA1

                    ef21358e6423612d84edf3fb70114414dee18f1e

                    SHA256

                    ddc6b306907faf7e80c71a82b67e38c0d6241c9933c765620165c6c054a72b7f

                    SHA512

                    e063dcf76cebfe502ae7e799bbdbabed1896b0c2ab355b4b6b46c5cc1722eea40c893fe77dc877615071b56e120359cd2f4b6f5581f3b7833ab68b7deb396ad5

                    Download Submit