Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://rlyhotgrlstg...

windows10-2004-x64

3

Analysis

  • max time kernel
    126s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-05-2024 12:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://rlyhotgrlstg.ru/s

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
    execution
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rlyhotgrlstg.ru/s
    1⤵
      PID:3048
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5764 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:1
      1⤵
        PID:1076
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4704 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:1
        1⤵
          PID:2744
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5244 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
          1⤵
            PID:212
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5464 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:1
            1⤵
              PID:4696
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5532 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:1
              1⤵
                PID:2960
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5296 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:1
                1⤵
                  PID:4032
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5988 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
                  1⤵
                    PID:4872
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5268 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
                    1⤵
                      PID:4644
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                      1⤵
                      • Enumerates system info in registry
                      • Modifies registry class
                      • Suspicious use of WriteProcessMemory
                      PID:5044
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ffbe8ef2e98,0x7ffbe8ef2ea4,0x7ffbe8ef2eb0
                        2⤵
                          PID:2984
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2284 --field-trial-handle=2288,i,15362676103556535066,11339191365535112869,262144 --variations-seed-version /prefetch:2
                          2⤵
                            PID:776
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3256 --field-trial-handle=2288,i,15362676103556535066,11339191365535112869,262144 --variations-seed-version /prefetch:3
                            2⤵
                              PID:2192
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3408 --field-trial-handle=2288,i,15362676103556535066,11339191365535112869,262144 --variations-seed-version /prefetch:8
                              2⤵
                                PID:4432
                              • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4452 --field-trial-handle=2288,i,15362676103556535066,11339191365535112869,262144 --variations-seed-version /prefetch:8
                                2⤵
                                  PID:3012
                                • C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4452 --field-trial-handle=2288,i,15362676103556535066,11339191365535112869,262144 --variations-seed-version /prefetch:8
                                  2⤵
                                    PID:2704
                                • C:\Windows\System32\WScript.exe
                                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\UnregisterStart.js"
                                  1⤵
                                    PID:3972
                                  • C:\Windows\system32\LogonUI.exe
                                    "LogonUI.exe" /flags:0x4 /state0:0xa39ac855 /state1:0x41c64e6d
                                    1⤵
                                    • Modifies data under HKEY_USERS
                                    • Suspicious use of SetWindowsHookEx
                                    PID:1420

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    280B

                                    MD5

                                    a259f1002a59da76e95f9347ec71e8ce

                                    SHA1

                                    7f261e72a3574219e5b8d040641c737f81eb1d12

                                    SHA256

                                    44ea75c63bd9c8594e5d81ca7f547831f696ef8767a64e088900e0e6e8691c34

                                    SHA512

                                    80c36875cc7f5d7dacfc9a331c2d1a0ac793994b25743d0880c3bcfab6591ec3a26e99008ab95b3b59b5f0c9402e5e6b9498c7a46e69ed07a1af1755f9a692bd

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                    Filesize

                                    2B

                                    MD5

                                    99914b932bd37a50b983c5e7c90ae93b

                                    SHA1

                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                    SHA256

                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                    SHA512

                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                    Filesize

                                    2B

                                    MD5

                                    d751713988987e9331980363e24189ce

                                    SHA1

                                    97d170e1550eee4afc0af065b78cda302a97674c

                                    SHA256

                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                    SHA512

                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                    Filesize

                                    40B

                                    MD5

                                    20d4b8fa017a12a108c87f540836e250

                                    SHA1

                                    1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                    SHA256

                                    6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                    SHA512

                                    507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    c999f7ffbb76e568566b625ae665f136

                                    SHA1

                                    e01c2ddd00277a5c29f8d9fcfdc572c0b0c48232

                                    SHA256

                                    5c2659cca34d3f721020b3f951cd79f695034b1c96bf109ea63bc19ad1380f72

                                    SHA512

                                    37314ac45e744a39d04de383b38bc5423fa82e35eef44f36b8701b819d170f436fecfc4b0736c76c97ba3448b9143bb06929c284dd847ae1d1b18c8855a6b0b9

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                    Filesize

                                    30KB

                                    MD5

                                    6de6002def71e4fbf8378667bd8e5c63

                                    SHA1

                                    250f3866c97f3a140c25b2aa0ab92a9029d94e2a

                                    SHA256

                                    4348e91a09c5919c67bfc92677773fd8e184a6817a77c408987632661ef3c6ef

                                    SHA512

                                    c9c5c49c4be04448fc53238b90883089eb8171664ffb914fcb0f889da1f9b2590ef961e218a7f825d2c3c96f486a18147f42cadaf2337bbef4a3c7f0664590c1

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    73KB

                                    MD5

                                    bc33eb861c48a5e5c322350149ffe033

                                    SHA1

                                    2106b23fce5bb40cdf49f5273890ea02b8e72e15

                                    SHA256

                                    f4ad4dd46c092030a3f47ba1a15d4d9109a4e9e144ee1ca7ae406705c0689d0f

                                    SHA512

                                    8e3ede81eeb75da3c730f12d4fa688557e23c41e3331994ea5406d3b7ee4c32a4a5d99e106f05e5ccf30561056d4a477b9275cdfe5a397035db66320c6039d9e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    64KB

                                    MD5

                                    600155c396b773a126a52276d2fd5fbf

                                    SHA1

                                    07b602dfadc39afa350fb46b22c3134c4df2a419

                                    SHA256

                                    87bb72b2a19e0f0a718e0a4660f0734ffbf9f67bb2a5a0c57413835e93c99414

                                    SHA512

                                    a35ce535d9f94c1e4a614fa8d0de755b2ac30a7ed3ba8e003c297dead3ffe5d7e7187b9f29efadcb230b83be9de54933a351163946a274b547a22d8cb6ea38ed

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
                                    Filesize

                                    2KB

                                    MD5

                                    5a0d7ed59a504fe58fbb5c1398147690

                                    SHA1

                                    a0ef90505a9588ef7a3b547e94047cbaa2145705

                                    SHA256

                                    f63f9a1f16b66ea60de1b27b77a281e017e5c58ab9d8c0a435882f1a225140df

                                    SHA512

                                    7db693de102c6cd598313685c3014ac41f4faf0d53ac8d3813132a7a9591ba090adbe70fb496eecd0051e5c4f69113be8a17797b5d4519ab9ad57609b0cac983

                                    Download Submit

                                  • \??\pipe\crashpad_5044_YTTRGXGLQLNBOMGE
                                    MD5

                                    d41d8cd98f00b204e9800998ecf8427e

                                    SHA1

                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                    SHA256

                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                    SHA512

                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    Download Submit