Analysis
-
max time kernel
86s -
max time network
77s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 02:32
General
-
Target
https://github.com/ItsMrCheeseLive/Free-GiftCode-Generator
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 33 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/ItsMrCheeseLive/Free-GiftCode-Generator1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcab8046f8,0x7ffcab804708,0x7ffcab8047182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5928 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,1221435444238484733,18194068653323481621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Free-GiftCode-Generator-main\Free-GiftCode-Generator-main\Ultimate-Generator\logs.txt1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Free-GiftCode-Generator-main\Free-GiftCode-Generator-main\Ultimate-Generator\Help if dont work\Dont Work.txt1⤵
-
C:\Users\Admin\Downloads\Free-GiftCode-Generator-main\Free-GiftCode-Generator-main\Ultimate-Generator\Ultimate-Gift-Card-Generator.exe"C:\Users\Admin\Downloads\Free-GiftCode-Generator-main\Free-GiftCode-Generator-main\Ultimate-Generator\Ultimate-Gift-Card-Generator.exe"1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\606.tmp\607.tmp\608.bat C:\Users\Admin\Downloads\Free-GiftCode-Generator-main\Free-GiftCode-Generator-main\Ultimate-Generator\Ultimate-Gift-Card-Generator.exe"2⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\Free-GiftCode-Generator-main\Free-GiftCode-Generator-main\Ultimate-Generator\modules\paysafecard.js"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD587f7abeb82600e1e640b843ad50fe0a1
SHA1045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5d2d66d43da4439fdf48121aef929c6a3
SHA1824dbb527524527b35e4d24e79ef277cebfe330e
SHA2566c559f18918140f9c9084ada4d5db85f6b0383cfbe1beb01db57435cb3704f29
SHA51215fa74ee625087f88e801af06b3d149ff270328d60e8aaad0f5acd69f0e33d099c399a146fcfe1b1bd63691b3ce053559041d7680101d6431bae511e678e5991
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
573B
MD501f8338854dcedc508e2ffb7acb86e92
SHA108c96796cf4bc927626bc6a46897410f788d4bbd
SHA2565e079b773e5f91c8361cd2235bc9ce7b3966e407f04dbace532914c941006350
SHA512dd3dbe305c5e7254efe826a70e2554a3f65a88d64285c50582d2b5ddcd32a04825f75e339da350a201797dc9236b097e3a719f10a04372b183527f49652929e1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD59109098f881007d6e44d4c52bf233289
SHA10ea3fb22c3ac8d6c6066b770213c4f908976c5ca
SHA256564beba52c33b2b4fbe0b8c6faeb3f2a58cc38cbc5c3a277693dc780dd9187b8
SHA5120fb3ca9b82673ad49b291aeba914dc1fe3fe0b0e74376a8c404ea354a8ca77aec68582a64fdfd99eb983dc6b73b77025d8cf32d195517e80e92cd473375f87c4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5cbebe1636292ed1daabebeaba651ccad
SHA10972e7e5f4e982a7f3c8f16cfe3046fba7a0d16a
SHA25615d960255f97ae1578e66f5153ed6c5a8a23be9cf7eb10bdf1698cff00f2d87a
SHA512b83dd2fc235a62b92a08894e309367b34a8da740df5900efef1cd9f2a8a20ea0872d1e06ddb7ad2ed62c6e3ec35cd7ff679fab3121009bc5870faa88e96d3068
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5e6d83cf1377878f32aa1f8e60cf71d47
SHA1d199e357bc15a30bf12111b9d9a49aebf314938a
SHA256b993ccdcf6619e672225cbb14ac2a60788c55d6c76194f62d601b76cd720ebe6
SHA512b0fa87b10aeb2740fb2be782ca7b451ae751845a8c8c5fb28a717908cb07e573fd80d0d2dab3b8553db36a1b4bf1b766b53b486f215ccc16e1af11fe4f15074e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5e6cae5b4ad649e83ecffcdefd1ecbdcb
SHA1909e2ceaf3be52578dd2b3aac09d94f770a64bf9
SHA2565af55d92aa05c4a9a8ad6d9d36fd70ef662362764440ea9a353ba980d55b1cb6
SHA512eda30641608ac79a4ea63002824d8c2284102a2b0b975fa792ccf0a2320f956f62701c9277cf3e6cdf8c61ee61e5e82b90eafaae68ffae4171e3aea5889ef1ab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57953b.TMPFilesize
874B
MD533945242f718fdfa42b7227bc1ee1c99
SHA159844b5e3cc26564f3dd54c46b1b5b9b5b10a526
SHA2565292f6316ec076864e30dd60b5d4167f0e74c696b3bc6f5398968799889f5670
SHA512740e3040706c4ac70a9f3bc0f4320c374f0fcf7ac92542af0d0950585149c9405f85b68fa3adf88fa57afccb63d06314adfcc3b0210d280d4bdeeafeb03e482a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD59d17d326befb1abff85207e965643f40
SHA1fa17efe3cfce3372a5eca2c3130f59fc43db841a
SHA256362353f5e9b8e237a4c13ed8c666b282c477ff5c269b341b525fe5e06c23619c
SHA51223f39cadac0dc47a4fc1482302243f2c793dada1f7cc79f6eea5474283d199950b3d914c3df2021220209f5893f15b20d6a5b3f3400024380d9698fe8ccee848
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD55f9074b77961be7cf1fef3d7ccd935e6
SHA1104303cddf4ab1fe116b1de3cc6fdd49cfe1fb35
SHA2567fce730bd1592e7b683150bc735c078831e481c054549a2e42e0b45aca59ef07
SHA51272fb4713c4223afc08a61efad2b7ac50727b32b0380d448378a3fafa86d4c26cee9bd3956af4a9e11bb1462cdd4c48304940c0096611c0a286419c10ffbf80ba
-
C:\Users\Admin\AppData\Local\Temp\606.tmp\607.tmp\608.batFilesize
2KB
MD55cafdca703025cc67f10550b33fff79b
SHA10ac7c7eac6a8533645bf01a29d5a86b81dc5f343
SHA2561d8b7531aec926a4f902373b4d00004692fc2b07d0913bdd576d97bd825631ee
SHA512057653b09a141f940e81d58cb43b199e6f7a3dd6194eea33202bc9f86fe355a1b7f0e961afb4fafcd447b4be988ebde126e9613ad19fbec8d327e90a34de1a58
-
C:\Users\Admin\Downloads\Free-GiftCode-Generator-main.zipFilesize
118KB
MD5dcf6bb67024c988985c024327a594f79
SHA19214dca073e57841fa462b75fab521f5e1c615e1
SHA2560f0ad31555ae43b39ae9a705dd7a22a5c67c6192aa1703005d7e71c128d16f00
SHA5124058f3507a152639b46d9d19fc9ff4d1390921fb1a40118f0722d22a10c9028dd867051fc9d0a75522e48b6464fad1fb8ef209c1cb07ddc4f44da2d16d75000d
-
\??\pipe\LOCAL\crashpad_4036_AEXOVBYLDKUWVPIIMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e