Analysis
max time kernel: 148s
max time network: 150s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
submitted: 02/06/2024, 04:50
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://fl.youareanidiot.cc
Resource: win11-20240508-en
General
Target: https://fl.youareanidiot.cc
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (12 IoCs)
pid | Process
2756 | msedge.exe (2 identical entries)
3252 | msedge.exe (2 identical entries)
4164 | identity_helper.exe (2 identical entries)
2056 | msedge.exe (2 identical entries)
2292 | msedge.exe (4 identical entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid | Process
3252 | msedge.exe (7 identical entries)
Suspicious use of FindShellTrayWindow (40 IoCs)
pid | Process
3252 | msedge.exe (40 identical entries)
Suspicious use of SendNotifyMessage (12 IoCs)
pid | Process
3252 | msedge.exe (12 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3252 wrote to memory of 4800 | 3252 | msedge.exe | 77 (2 identical entries)
PID 3252 wrote to memory of 1256 | 3252 | msedge.exe | 78 (40 identical entries)
PID 3252 wrote to memory of 2756 | 3252 | msedge.exe | 79 (2 identical entries)
PID 3252 wrote to memory of 1568 | 3252 | msedge.exe | 80 (20 identical entries)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fl.youareanidiot.cc
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 3252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd1a5f3cb8,0x7ffd1a5f3cc8,0x7ffd1a5f3cd8
PID: 4800
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2169108387126391880,6748387880808665424,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
PID: 1256
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,2169108387126391880,6748387880808665424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
PID: 2756
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,2169108387126391880,6748387880808665424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
PID: 1568
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2169108387126391880,6748387880808665424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
PID: 1832
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2169108387126391880,6748387880808665424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
PID: 3184
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2169108387126391880,6748387880808665424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
PID: 4252
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2169108387126391880,6748387880808665424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
PID: 3448
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2169108387126391880,6748387880808665424,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
PID: 1444
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,2169108387126391880,6748387880808665424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
PID: 4164
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2169108387126391880,6748387880808665424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
PID: 1576
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2169108387126391880,6748387880808665424,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
PID: 4264
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,2169108387126391880,6748387880808665424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
PID: 2056
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2169108387126391880,6748387880808665424,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1356 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
PID: 2292
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2076
Network
MITRE ATT&CK Enterprise v15
Downloads