Analysis
-
max time kernel
112s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
06/06/2024, 12:53
General
-
Target
https://tms.themarketingsearch.co/u?mid=66606448a9e3200001418e5b
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tms.themarketingsearch.co/u?mid=66606448a9e3200001418e5b1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd8946f8,0x7ffdbd894708,0x7ffdbd8947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4501187709284409653,13086488548809502935,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,4501187709284409653,13086488548809502935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,4501187709284409653,13086488548809502935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4501187709284409653,13086488548809502935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4501187709284409653,13086488548809502935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4501187709284409653,13086488548809502935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4501187709284409653,13086488548809502935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4501187709284409653,13086488548809502935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4501187709284409653,13086488548809502935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4501187709284409653,13086488548809502935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4501187709284409653,13086488548809502935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4501187709284409653,13086488548809502935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4501187709284409653,13086488548809502935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ce4c898f8fc7601e2fbc252fdadb5115
SHA101bf06badc5da353e539c7c07527d30dccc55a91
SHA256bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA51280fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
-
Filesize
152B
MD54158365912175436289496136e7912c2
SHA1813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA51274b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
-
Filesize
312B
MD567a7456443805311dd1fd9af78c5cd7d
SHA120fe782b13413a8ab6f0b8700723699899ada869
SHA25658594469141af3389db3057d0f8a445b0c14dbb99e05c7edef95da44d51b8256
SHA512ce4a32e5460673315ae116dfe584a55c583bd28414fde22fad185d7c14aae70374d159b781b21347773bef958425f64c5f41ca3931e55cb8ce6392f34ff6d7f4
-
Filesize
624B
MD5111378effb05f08dacbec7cfb5b5381e
SHA11f93d2ae04c0fc25970d1c79be5cc4735131a8a2
SHA256004f65e439a6e4c5a330cff0bf5d54a3815712c8b949d09033cfbd22c078f83d
SHA5120c345080b3736a6512e2fb6dd0131da06a0ebe90ea6aecbfc9cbc7050fcd4006aeb6e4e732e8fcbe5845a8bc4b0b580366ecf5cda135bfbe5cacfb205a337c53
-
Filesize
1KB
MD517fb607806588b8b532c60f674538c91
SHA1a39b23d60e1ad9997badc564ff4b08515e6bb75f
SHA256c0cd69b5f01873d74b02177eae388ebf6c4d082dfb5dbadcae9ca07a54cc9127
SHA5128d858a332ddd5022c88672be3d7b371f470b4f863b5521f116ec3aaf65928935c28fce1d80a6568e5f91dd72fef4e7cef6b35a582bab2af0054f024ed7688783
-
Filesize
7KB
MD5361984c25caed17abb18b5dc19cf90fe
SHA1c3a8618dda098e743fb4622e8e891646e30ad968
SHA25649953dfaba599d45c1b21dd3bbe45db60406f105754f2a63ddadb78fcd7c05cf
SHA512ab1d1726ce23b706906140aa9d317cdb2516a0af09c8524674d1e198818dc4ccea61410ca10f709e8c6342707228c6a85c602c7f61fe10c4bf0e7945f2b673ae
-
Filesize
5KB
MD5a10cb73bceab372bcc102e13d787e246
SHA1c9ec7b456a42de0aeeeead4a4728d5189c8c6bf2
SHA256b19d07a24f921e6b09772436d100609006ee75e2f3c21d92c3c04bfdb760a64c
SHA512a569a695d46f09a70c930ae35d34e0a12ca58fd60a51f176b80139ab4fc1ab2581f6091e00aba82416179bf595204eaeb0d8b0901c3457b1b2977820bd58c2e4
-
Filesize
6KB
MD5b6283b50463b99abf8cab7c5f203ee92
SHA1c36daf7ad5da8f37ec116cd7f3b231dbe22f60de
SHA256b4ae457b3ff246f18d785354e2e24e92276b1897fc78c1bd1faa1e485096c1da
SHA5121ef75e81874a3b086973e840af8d42d4ce2a6b420435144663556b66899563e003a9d093819c1d342e6710f1dbf5674d868b113c21f36a6e1b4b8f418391bb39
-
Filesize
708B
MD5165939dfe935c38b806e9c478270bf37
SHA178f08070b33c525f6e1d3227b244b1a1ad07c924
SHA2560760ecac3960c88d0c45890dadaf87b42a18c5bb0e7d7847eb9c56649b877810
SHA512f208432d33124edc94de0cfa321f31e178a25ad9309e101e4856e0b3438837962ade8b61e4528ce38b61c66d11f5c360994e3cfad9e83fd717e7b53a4951eb98
-
Filesize
372B
MD5636cf583c93079e78a97f10340cb37fa
SHA1eb87dd0df98cd3deeee538f6a6918d8346552f05
SHA2567148a42c6c061f327590b13b8f44f4cd761c7bf146d1c3592a9a49292b00cae2
SHA512903401314a728fc9eff11a4d2aafdda7da38be7077e4ef173a868cca173fdc1ec271f1005997bf9d600b5a1f4c48a82326b1ffcee2df949d5564858941e98265
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5d45e8410e2d6b7780a1275edd5d3b33e
SHA1224c800501f729859f0bd729c4be26e21b80f0a7
SHA2565e85db6ca040aea3d8878776d4ee47cac6f67ea29c71441e131a0ce3318baa7f
SHA5128b011ea3ce29c0e36432a7aff3257dc1394cd1af43ca6e7b465effecba66212226a9fb1a29c307c16a085218788f633e7cc406dc2b9cfaf1fffa5dd5e3e41b56
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84