Analysis
-
max time kernel
145s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20/05/2024, 22:18
General
-
Target
https://www.dropbox.com/l/scl/AADZipUNzxnmpbul2mSVPxXUWE6rURwZ6DE
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/scl/AADZipUNzxnmpbul2mSVPxXUWE6rURwZ6DE1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa82fd46f8,0x7ffa82fd4708,0x7ffa82fd47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5176 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5040 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3000 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6360 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,779097403365835050,13314290528259426212,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54b4f91fa1b362ba5341ecb2836438dea
SHA19561f5aabed742404d455da735259a2c6781fa07
SHA256d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac
-
Filesize
152B
MD5eaa3db555ab5bc0cb364826204aad3f0
SHA1a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4
-
Filesize
1KB
MD58cf15e92f558149f14732b6e49498b8a
SHA1e01ee2aa4808397dc2a07e7258c23df4dc1b73ef
SHA256236d387acb877165d898362d110e03c2adcaea650715ed4f1bc5147dc35227c2
SHA5129539c57a0edc6bc830a5ddc25b7d9bd1c9a19a82c35be406aea4dc48c8b41fa616a0f17a09f107b1c95bfd73a607fdac593604cd2e19411ba03f4ca80a524954
-
Filesize
1KB
MD5942667bec9cab61e0dd060789488a09c
SHA186d1811507bb81f65090dc604b3cad38f99af1c7
SHA25666f0a1960e56b755efcab66accc8bd342e93b4e154276206133536a41ca9b5a1
SHA51208cb09a633077bf3fa0a3216606795ffbd5629c6be169b265ea3cc5ea7798c0ae6a11f208463dd36f9f661ed32a3862504e6e51915930410614a297ec3d2c780
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
1KB
MD59c1708e8cb8a544303b01f4079c3ced9
SHA1f129036af1722436e0688a92edd5c0263c76ba5d
SHA2562b200a07fc669ebbc4ad34aed9238b29bf25cf067ffa1ccae3ac27330d1f08d8
SHA51286b7fb444daf6b3623a29aa121bb6aaad23d8430a5efb901d9a8abbeaf38051f858ca9e560391c8c34234bd0f4a8f1bbc6e4f627288f107f035eaf03abd53b6a
-
Filesize
5KB
MD5a59aadd02a187e18af54deaecdf021d8
SHA17604d34308d52819e4454ba2f3bbc550572f5ebd
SHA2560e6dd18b1bebacb66f5871af7d63a9bf08e2159aab4e97fb51110e5db543fc5d
SHA5129438ab218a2481d6164d3d78010fa73bfde73bf64b15b5926e6b88f0632fb69602d229ca45559253a6fa61a79705cd00a3013a3e15a4b91ce7378938e9b9eb72
-
Filesize
6KB
MD507dedca13addf2fd8a7e56256c1828e3
SHA1347194deaa8e2e5030da637c126849fcd31fca9c
SHA2565c12742732660a9f9bbc33cd4717f4dfc369fcf6c42f0d51df690d5f591701f9
SHA512c40db415ae6ce43be83991a8b412243e14e29e7c03e9bfc61c300263cc4f4c0e092877641573a0925108a4f915a16668f125da712d0f904d75072b68bcd10902
-
Filesize
6KB
MD5570b7070fdb3731bd3998d9b64eb96e3
SHA1ab9d76814ead5cbb987b262ec7b8e9ff01b3f33b
SHA256e67409cec1be7730151d1ead6e2632862709bb72189cfcf940e884276cf3dede
SHA5121b9b149e0f8a641aec755f7a7cd7bf4c1c239808fa2b1fbef0c6b8a706e63c5b20fbf15c1482132a93e157db0436639712b632ed7dd9914f72c8235ec0a62308
-
Filesize
371B
MD5b06877e19a86671b1ea66529fc25cc08
SHA1fdf62d168b4259bd68f5404a3d122a677106ab0e
SHA256ada31d6008695dc76bab9d7f16ad06c7e740a104fc147f618fed69838b92ba60
SHA512e41c9fd30a19cae051c1592b5fa3b89e88b9964dcb03f1a0326b943639ac7002b3745122cb17b5ca10a183c64bea504cb45362c3625519783bf679a7296eeb75
-
Filesize
538B
MD5e4530912e86dff3c37db82bc9722b467
SHA15ab30ddd230eea83f76731668e5b1ab08d003770
SHA256073203551c05e3d96599bfac3980c41674abf38cd83f7ba250d6813ba782ffc8
SHA512e548de53dc5a171cde8edf88dca11bf81c6bbe828aa9c1d4a2f07484f76ba74a323a10aa3d506db5d1fffcf040f321793d0cd3b1ad3682ab886366b5c32a1ba4
-
Filesize
538B
MD5d58068a8bdc8eae5894bd7457e874ad7
SHA191f1f6a05cbd5211fc719a0ea8d4d359495b53b0
SHA2565a9abbac35ac1866e290cd4f96ee2d53cb53b11996dc216290433e63511948db
SHA5126c34a82e3c90759eee25e2ae835df274acfa93d2f4f6ec30a389103cf386afb14d4872ac40a4dea0495bd6063ff5d2d5c4452a1849f96c32ab97d2733c4f4cc5
-
Filesize
371B
MD526ac3eb7ef683cff34738fe2e9bf3a03
SHA1a5279a701816641de3f27ba5582246d1026191d8
SHA256cf1f73a890bfb8ffef008aee0ab40ac4ed9e5bb20176cb3dc97264d2de404330
SHA51216b70576e49ebfd0d2c2a746e033638c09ce9f35e539f32b54aa43b77fbc3ab2bfa54f54e8d792f65eeca19c8679ee9c314d70604f8863bc024e6674eec2b7ae
-
Filesize
538B
MD5e443c77c018d0c8dd65358aac1b5149f
SHA1a267e395abb10f30fda9320d9c1cd3e7dd44514c
SHA2563ac1a91105a348be007eed3b630dcb1147c4d1f25ba8a3f56cf89659516a671b
SHA5122ce19e82ac844094fe22694d60c31ed513befed848ed7efab02dcd062b7ce6a01d17e06c485ffc996ff7b82227a957d38ccbc716e2296ea137e8498bbd9e74fd
-
Filesize
538B
MD5df9baf7524dfc14b2869f613f527eb25
SHA125565a4c0e73225be684c020dda76b0d5cec8184
SHA2565c17de27daa0a92365f5b3cce90d472028f2547462791a91d123d46940772928
SHA512167803b27e2fb833bd58dbbb396dfc6cb0f1ce28b2940156cc9cc7d969a031b60bf9053ea9f4931b2347c9bb43a26830b5ea3cc99aa47d6354da56a095d5d49c
-
Filesize
371B
MD5f55b6b53d6fd444f5c6276303de75801
SHA1c1d24b0dcd3705cd1d6ae8d4fb0423e03aa17d72
SHA2561a4ad928e85039d0c7b2c2de4a3d51235e074f9a7a5fd02c701f78620cef7180
SHA51271d8545e9700eba8033192f9fdb22edadfc1cc188d1e96d859e727044e9ee8b16897fd1b637c4ec5db5def2f99c5d32117faef35eac9f6968589e0dabca0cfa0
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
538B
MD5ef7a228de882ff1a44e237477c18402f
SHA10e4a071731fa0451520a94a0307829563d1c1e25
SHA256648fb23fce3f1b19c37d89678ddcce53dae68f1205efb5ba799e6d8b4f222b2c
SHA512c9b3f0e5f553c0423dc0b74bdd680051119ba575e2746e7a685bcdfe54834c53e3e02328a013987cd6940d0a35e760782925c57a0e3d949bdfd23fc2dc43da49
-
Filesize
11KB
MD5894a1f33e207271328704adcbab968b0
SHA18e383e8bd5a486841a714bd44e88b1131ba6914b
SHA256027a17d23a7d41c339b00fafdad3bd9b605419e40dcdb34505d38087ba24ab5a
SHA5124ad5cf77a3b7a5457d3514d006e531e6688a5bfe25a23b89d8b8141c899f7e6270b4af440065035c7cdceb1aedf0789ade8e8809446884dd499cf0efb29854dd