Analysis
-
max time kernel
49s -
max time network
53s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
22-05-2024 03:06
General
-
Target
https://www.bing.com/ck/a?!&&p=ea9866f4d5e4bfb6JmltdHM9MTcxNjI0OTYwMCZpZ3VpZD0yN2JlNjc0Yy1hNjFiLTZkYzgtMzQ1Yy03MzJkYTdlMDZjM2QmaW5zaWQ9NTIwOA&ptn=3&ver=2&hsh=3&fclid=27be674c-a61b-6dc8-345c-732da7e06c3d&psq=ice+and+fire+mod+1.20.2&u=a1aHR0cHM6Ly93d3cubWMtbW9kLm5ldC9pY2UtYW5kLWZpcmUtbW9kLw&ntb=1
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of FindShellTrayWindow 40 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=ea9866f4d5e4bfb6JmltdHM9MTcxNjI0OTYwMCZpZ3VpZD0yN2JlNjc0Yy1hNjFiLTZkYzgtMzQ1Yy03MzJkYTdlMDZjM2QmaW5zaWQ9NTIwOA&ptn=3&ver=2&hsh=3&fclid=27be674c-a61b-6dc8-345c-732da7e06c3d&psq=ice+and+fire+mod+1.20.2&u=a1aHR0cHM6Ly93d3cubWMtbW9kLm5ldC9pY2UtYW5kLWZpcmUtbW9kLw&ntb=11⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe344247182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6724 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,108315068598236227,14950102039785194174,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD5d3dd18afad014d306642e58499ae41fc
SHA19502279032d9f89318ad5d4f4bc26d1b105de3d6
SHA25685c9f6c67acb5aa27343c5b206dd3c023bfb104ce3e42557cf695ac3b660f1fb
SHA512ea7231c5ed39ef1eb4e0d026f6a79c0a3a31d50e4cebef8c156ee7e7312d7d5cdb4bb73ff9d7a2504094c0fa8bb432609d5c83e30563591fc52d926885de79a6
-
Filesize
152B
MD5537815e7cc5c694912ac0308147852e4
SHA12ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA51263969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a
-
Filesize
152B
MD58b167567021ccb1a9fdf073fa9112ef0
SHA13baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA25626764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54
-
Filesize
8KB
MD5d06bdbd23bc34b9ddfbe70660bb3b354
SHA18368b3aa84448822756607c653f6018bcdcb2e48
SHA256f0d559e16785d79b5b2c278e99e9ed48bd5201a13a0cf2d16c5f93ec9d1c5b6a
SHA512bf77505869ad48ae88c1bc9ec14a2f18b2c0f5563de2a195b6cf8b3b948ace78f933681d24e48585cc21084f3ba767b30afcd1fa5713e071a9f6913da38c3071
-
Filesize
9KB
MD5f9d4b11c020af6f6619c92d72a015b8a
SHA10a8d14aec7fb56c94b95e73eaee25118da8892e7
SHA25673d293d462ca8e1943235af6f52789a5a67a71c6316abfce158c177f85e2fac1
SHA512a94179443a5595fd9d80108a989b9e04ecc2dbf74229cfcd69d8a4f80b70a291fb1963f66a89fad48cd4e9e2c754481186813f388c8a17766fac99f49b0b9772
-
Filesize
1KB
MD54c42f81fada0fbeb9092ee00b8eb35a3
SHA1da72bd1805e88bca64953772a28b3e8ef57c6a65
SHA256a4fc9b1aeeb75998291e620e70ba547ae71cc7453ceac97a5cdeec9d5c9bd276
SHA512521a19852121a2b54a91ad4eff3d015922ea83ead88cb0989dfd476ebcb933950caea1ec9d4b5bd5354a5a42dd01a3e3f4618328547e977edd40c924b77179f6
-
Filesize
8KB
MD5d47a0b62c8c881955113d4b9b379072f
SHA16301917093819c232048ae04fd822b598b243b03
SHA256f9de5a801704b482cd385743763b2854c30ff837a1cc106ea22c08b4262195c3
SHA512aa0dff40b8a03fc59d698bd1fcfeb3398e6ca279075d3f78d3f50e7beafd810e4499e8761509b94bd8e99e856c03eb11f46d544a0a542beb2c50f9eebc696374
-
Filesize
5KB
MD5c76b2eb381f36bfff4f67a550deb003d
SHA13ed642c21d0789ef29d9ec91caa5951511e73688
SHA256de7aac6e61c7175e51640e95977f03801cd0a866620123a8b86f5fa4b511e680
SHA512d253a7839173a8a2084913962466e7b7d5d190adb087964c6912340d5c25ad1754de77979a090867509c0756efdf01ed9350a1b7b57129ccf3be3740515432e6
-
Filesize
538B
MD5ad709d6871ad4f5454c4c75707a63431
SHA1c0849d67e06377a8ed45c13cc82487223084409e
SHA2565b5df145844f7b13001389b35f310d9995d91450405a337328856f8a7deb20f5
SHA51259e36adcccce6dde2393ea0e640ceb5367313ed82580d947843c99342e596a06d790c30f02f9df7e9e72d1a2c8b8fd32f645e9e6168e9fd5913fb525208e7bf9
-
Filesize
538B
MD59cd9849e299003797da30f22f569e9a7
SHA1f3f5f5b3c0361c89c78cd7826c4f0f3de4c3654b
SHA25668def2200fd4f7bd7b6822d458950ea54a9d29617ba44aee052f79ce76d9797f
SHA5125a98c8b055d711eb6c368c177275cfb19f20c952da69fc034912c3709482fc2398ac95bf83b9a591813a8d6e9a1644604485e56899ff49a241786c8d3f027e14
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD54fde5a5d68268498963f711fad7af4d8
SHA1a1f146419fd3009435c0d6bd9b2a0237f92b435b
SHA25679e7bd532fe9a50fd604458b77314f6753ddd2c60bd35981056a5076c1e0d1d9
SHA512b54ef50586e701b5bfd55ec895bdd6b37a1dfba3e84b93e4e752d3b9da194bac08c61d5309004c19f1f508d5ee5f43f208569d13586caee521aa45671f59225f
-
Filesize
19.5MB
MD558c453b85285c4e82cfc6fad35ffb537
SHA14bf427fe3dcf8b7c30ce64ca1b61550037ff60ec
SHA2565f52931991f8f7d8dd7f52952dff0f93baea6dad9031f25ce8f864771b362257
SHA512ce67f6dd5a5539a58075a9007bb88bdfa7c1e74ddeeb2dbca329c5f2df6e68b776949ab67bbeb61a0b109fea30710d4b0efd83001c9450f8488f1acd60961845
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e