Analysis
-
max time kernel
904s -
max time network
845s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
26-05-2024 13:53
General
-
Target
https://u.to/BxGzIA
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/BxGzIA1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcce9946f8,0x7ffcce994708,0x7ffcce9947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,3257711246130776874,2455967550965893321,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,3257711246130776874,2455967550965893321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,3257711246130776874,2455967550965893321,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3257711246130776874,2455967550965893321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3257711246130776874,2455967550965893321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3257711246130776874,2455967550965893321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,3257711246130776874,2455967550965893321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,3257711246130776874,2455967550965893321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3257711246130776874,2455967550965893321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3257711246130776874,2455967550965893321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3257711246130776874,2455967550965893321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,3257711246130776874,2455967550965893321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,3257711246130776874,2455967550965893321,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54b4f91fa1b362ba5341ecb2836438dea
SHA19561f5aabed742404d455da735259a2c6781fa07
SHA256d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac
-
Filesize
152B
MD5eaa3db555ab5bc0cb364826204aad3f0
SHA1a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4
-
Filesize
192B
MD524a257dd6a9f13361bbbb011821eb4b1
SHA115b4eb920d2066c68e9d28ca63b292024bc5fed9
SHA2562f64b3455fd3c3ab91ad69c8835e5586fcafa68e754ccea37ab0f8b537c6cc20
SHA512b0991d6f477370fb8f19c2276221306edab95d468ea72f1d6cbb4d2c38403227bbd14ea9bcc7a045eeeb6d6fa86af48b9bb49045229673d3127acd71791712e7
-
Filesize
721B
MD50ea932cf94bafb63f26e8dd883beee7a
SHA1ce624a676664388626be581ca4735cd5f0491d33
SHA2561151f2199d120bff49ce9ceec9f260f9a95b3a6db123b691ca6f653688e1faf6
SHA512df8bcdac3cc9c1bac8dbb4f4339bcb02ee0d8200a8c130cf2db7964b2e5f5a54f142f03137fbf1fab57bbb39d8cc4f12b234c3de701c83c35d3439e17a430fda
-
Filesize
721B
MD5de895017934b98850be14f875c971052
SHA1fbb67cdb8ce233321e857d04a82b1b23951fc08c
SHA256e1c815a80d98400e737405d600a061234388ff6211d349deaf64da0185b8e25c
SHA512487ba6c0157b3e876ec7c85d9958f18298d5f6ee7a0b6814ca1d02e39d40ee1235eb100cdc15a512ecfcc698f18081b726f34d6d221075469a4059cd3c269bd2
-
Filesize
5KB
MD5f1882cbdb99585a658eb6b870666a1ba
SHA10c93246b57831a51aea20aa59e5664d8266fec7b
SHA2568983d64170805aad3ab36e4c04e9b7eccf4d1159407db7296392c00e9eb336c8
SHA512b8d9586c100ed4cb29816a56227d69c0f0763355abda4de8321f45f38c58da18f034bb8eaece303158942bd2023bf07617bd10b2b3f0cb59100883521cf1189c
-
Filesize
6KB
MD5efae3ce773b07d44565bd4d5011bb5c7
SHA11318cb64ee111461b28d566b6cb4af9bbaf79337
SHA256d25a83e28f40e2312bf6c5163b95b82dee59eddf4dfe891c1ffbc356972a015f
SHA512ce1e12748fba31fc3cf88aa97704dd61920b7fb1458b51749a1f3f20bc5a9cbe4235fce2f579db0699eeb76beb657f43deabb69dca66f89ebd6a75c0a791a9b8
-
Filesize
6KB
MD57db7308fcb532248bdb21e39297e5751
SHA186795b898960dc3794ce19429663ba9c9d829ad6
SHA25605a779487d484f29966f0a42609f1181529a00ca9eace2e6c639ca5962bd8f4f
SHA512db5528510e56c775367f5e97602cd95186868fdb064e9911bc2f686361b9f9ce71fbb65cb289c7a3bed130ca658338ba65f47ea5697536648a85626cc6ae7dc7
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD526c33af704fe1b93b5333e94e6b16f00
SHA1e77ef9ada59b4b85d3b204532b0dc99d25132fc7
SHA2567a17508fc0ffdf4ed32f331903dfb8112ba0db189692a1d00cb47c582ec20454
SHA512d743e5fef22aeb3480c1597b86ac8346eb85956724d964cd9bd585e3be0acd4345aba63542aad09346c7e1169c6b79cf0162603ad92bb5c05d5c7e9d79d5f308
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e