Analysis
-
max time kernel
126s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
31-05-2024 12:55
General
-
Target
https://rlyhotgrlstg.ru/s
Malware Config
Signatures
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rlyhotgrlstg.ru/s1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5764 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4704 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5244 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5464 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5532 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5296 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5988 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5268 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ffbe8ef2e98,0x7ffbe8ef2ea4,0x7ffbe8ef2eb02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2284 --field-trial-handle=2288,i,15362676103556535066,11339191365535112869,262144 --variations-seed-version /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3256 --field-trial-handle=2288,i,15362676103556535066,11339191365535112869,262144 --variations-seed-version /prefetch:32⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3408 --field-trial-handle=2288,i,15362676103556535066,11339191365535112869,262144 --variations-seed-version /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4452 --field-trial-handle=2288,i,15362676103556535066,11339191365535112869,262144 --variations-seed-version /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4452 --field-trial-handle=2288,i,15362676103556535066,11339191365535112869,262144 --variations-seed-version /prefetch:82⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\UnregisterStart.js"1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39ac855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
280B
MD5a259f1002a59da76e95f9347ec71e8ce
SHA17f261e72a3574219e5b8d040641c737f81eb1d12
SHA25644ea75c63bd9c8594e5d81ca7f547831f696ef8767a64e088900e0e6e8691c34
SHA51280c36875cc7f5d7dacfc9a331c2d1a0ac793994b25743d0880c3bcfab6591ec3a26e99008ab95b3b59b5f0c9402e5e6b9498c7a46e69ed07a1af1755f9a692bd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch DictionariesFilesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
11KB
MD5c999f7ffbb76e568566b625ae665f136
SHA1e01c2ddd00277a5c29f8d9fcfdc572c0b0c48232
SHA2565c2659cca34d3f721020b3f951cd79f695034b1c96bf109ea63bc19ad1380f72
SHA51237314ac45e744a39d04de383b38bc5423fa82e35eef44f36b8701b819d170f436fecfc4b0736c76c97ba3448b9143bb06929c284dd847ae1d1b18c8855a6b0b9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
30KB
MD56de6002def71e4fbf8378667bd8e5c63
SHA1250f3866c97f3a140c25b2aa0ab92a9029d94e2a
SHA2564348e91a09c5919c67bfc92677773fd8e184a6817a77c408987632661ef3c6ef
SHA512c9c5c49c4be04448fc53238b90883089eb8171664ffb914fcb0f889da1f9b2590ef961e218a7f825d2c3c96f486a18147f42cadaf2337bbef4a3c7f0664590c1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
73KB
MD5bc33eb861c48a5e5c322350149ffe033
SHA12106b23fce5bb40cdf49f5273890ea02b8e72e15
SHA256f4ad4dd46c092030a3f47ba1a15d4d9109a4e9e144ee1ca7ae406705c0689d0f
SHA5128e3ede81eeb75da3c730f12d4fa688557e23c41e3331994ea5406d3b7ee4c32a4a5d99e106f05e5ccf30561056d4a477b9275cdfe5a397035db66320c6039d9e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
64KB
MD5600155c396b773a126a52276d2fd5fbf
SHA107b602dfadc39afa350fb46b22c3134c4df2a419
SHA25687bb72b2a19e0f0a718e0a4660f0734ffbf9f67bb2a5a0c57413835e93c99414
SHA512a35ce535d9f94c1e4a614fa8d0de755b2ac30a7ed3ba8e003c297dead3ffe5d7e7187b9f29efadcb230b83be9de54933a351163946a274b547a22d8cb6ea38ed
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbresFilesize
2KB
MD55a0d7ed59a504fe58fbb5c1398147690
SHA1a0ef90505a9588ef7a3b547e94047cbaa2145705
SHA256f63f9a1f16b66ea60de1b27b77a281e017e5c58ab9d8c0a435882f1a225140df
SHA5127db693de102c6cd598313685c3014ac41f4faf0d53ac8d3813132a7a9591ba090adbe70fb496eecd0051e5c4f69113be8a17797b5d4519ab9ad57609b0cac983
-
\??\pipe\crashpad_5044_YTTRGXGLQLNBOMGEMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e