Analysis

max time kernel: 0s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/06/2024, 06:28

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://www.upload.ee/files/13955981/MailAcess_Checker_by_xRisky.rar.html
Resource: win10v2004-20240426-en
General

Target: https://www.upload.ee/files/13955981/MailAcess_Checker_by_xRisky.rar.html
Malware Config

(no configuration extracted)

Signatures

All four signatures fire on msedge.exe only. They match Edge's normal multi-process startup: the browser process (PID 4892) writes into the address space of each child it spawns (crash handler 2596, GPU process 2684, network service 2924, storage service 2756), and the browser UI process polls the shell tray window and posts notify messages. No process outside the Edge tree appears in the run apart from two CompPkgSrv.exe COM server instances, and no file named after the target archive appears under Downloads, so nothing in this run shows the linked .rar being fetched or executed; the run covers the browser opening the landing page.

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  2924  msedge.exe
  2924  msedge.exe

Suspicious use of FindShellTrayWindow (17 IoCs)
  pid   Process
  4892  msedge.exe   (17 identical entries)

Suspicious use of SendNotifyMessage (16 IoCs)
  pid   Process
  4892  msedge.exe   (16 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs, grouped by target)
  description                        pid   Process     procid_target  entries
  PID 4892 wrote to memory of 2596   4892  msedge.exe  81             2
  PID 4892 wrote to memory of 2684   4892  msedge.exe  82             40
  PID 4892 wrote to memory of 2924   4892  msedge.exe  83             2
  PID 4892 wrote to memory of 2756   4892  msedge.exe  84             20
Processes

PID 4892  (depth 1)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.upload.ee/files/13955981/MailAcess_Checker_by_xRisky.rar.html
  Signatures: Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 2596  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d05046f8,0x7ff8d0504708,0x7ff8d0504718

  PID 2684  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2

  PID 2924  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 2756  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

  PID 3464  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

  PID 4100  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

  PID 3948  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1

  PID 748  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

  PID 2324  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

  PID 3456  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1

  PID 3160  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

  PID 4112  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8

  PID 3120  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8

  PID 1924  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

  PID 452  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

  PID 2404  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

  PID 2332  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

  PID 2668  (depth 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,97528796750750270,5277965254746252234,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 /prefetch:2

PID 232  (depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4220  (depth 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
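The long Chromium argument strings above hide the one detail worth reading: which child processes run with a weakened sandbox. The following script is an added example, not part of the Triage report or of Microsoft Edge. It takes a subset of the command lines from the Processes section (abridged: the --field-trial-handle and --gpu-preferences blobs and most cosmetic flags are dropped), classifies each process from its flags, and collapses rows in the shape of the WriteProcessMemory signature table into writer-to-target counts. SAMPLE_WRITES is a constructed three-row excerpt; the classification labels are this example's own.

```python
"""Sandbox posture of Edge child processes from a sandbox report's command lines.

Added example, not from the report. REPORT_PROCESSES is abridged from the
Processes section; SAMPLE_WRITES is a constructed excerpt in the shape of the
WriteProcessMemory signature table.
"""
import re
from collections import Counter

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'

# PID -> command line (abridged from the report; blobs and cosmetic flags removed).
REPORT_PROCESSES = {
    4892: EDGE + " --single-argument https://www.upload.ee/files/13955981/MailAcess_Checker_by_xRisky.rar.html",
    2596: EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    2684: EDGE + " --type=gpu-process --mojo-platform-channel-handle=2224 /prefetch:2",
    2924: EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3",
    2756: EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8",
    3464: EDGE + " --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1",
    2668: EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=4936 /prefetch:2",
}

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def parse_cmdline(cmdline):
    """Split a Windows command line into (exe, flags).
    Quoted tokens are unquoted; '--key=value' becomes flags[key] = value,
    a bare '--switch' becomes flags[switch] = True, everything else is
    collected under flags['_args']."""
    tokens = [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]
    exe, flags = tokens[0], {"_args": []}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, sep, val = tok[2:].partition("=")
            flags[key] = val if sep else True
        else:
            flags["_args"].append(tok)
    return exe, flags


def sandbox_posture(pid, cmdline):
    """Classify one Chromium-family process from its flags alone."""
    _, flags = parse_cmdline(cmdline)
    role = flags.get("type", "browser")  # no --type means the broker (browser) process
    if role == "browser":
        sandbox = "broker (unsandboxed by design)"
    elif role == "crashpad-handler":
        sandbox = "unsandboxed (crash handler)"
    elif flags.get("disable-gpu-sandbox") is True:
        sandbox = "disabled"  # explicit opt-out on the command line
    elif flags.get("service-sandbox-type") == "none":
        sandbox = "none"  # utility launched without a sandbox policy
    else:
        sandbox = "sandboxed"
    notes = []
    if flags.get("utility-sub-type"):
        notes.append(flags["utility-sub-type"])
    if flags.get("no-v8-untrusted-code-mitigations") is True:
        notes.append("V8 untrusted-code mitigations off (Chromium's default when site isolation is on)")
    return {"pid": pid, "role": role, "sandbox": sandbox, "notes": notes}


def review(processes):
    return [sandbox_posture(pid, cmd) for pid, cmd in sorted(processes.items())]


def reduced_sandbox(processes):
    """PIDs whose flags weaken the sandbox (--disable-gpu-sandbox or
    --service-sandbox-type=none). Broker and crash handler are expected to be
    unsandboxed and are not reported."""
    return [r["pid"] for r in review(processes) if r["sandbox"] in ("disabled", "none")]


_WRITE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ \S+ (\d+)")


def parse_writes(signature_text):
    """Collapse Triage's 'PID A wrote to memory of B A proc.exe N' rows into a
    Counter keyed by (writer_pid, target_pid)."""
    return Counter((int(a), int(b)) for a, b, _ in _WRITE.findall(signature_text))


# Constructed excerpt in the shape of the report's WriteProcessMemory table.
SAMPLE_WRITES = ("PID 4892 wrote to memory of 2596 4892 msedge.exe 81 "
                 "PID 4892 wrote to memory of 2684 4892 msedge.exe 82 "
                 "PID 4892 wrote to memory of 2684 4892 msedge.exe 82")

if __name__ == "__main__":
    for r in review(REPORT_PROCESSES):
        print(f'{r["pid"]:>5}  {r["role"]:<16} {r["sandbox"]:<30} {"; ".join(r["notes"])}')
    print("reduced sandbox:", reduced_sandbox(REPORT_PROCESSES))
    print("writer -> target counts:", dict(parse_writes(SAMPLE_WRITES)))
```

Run against the report's command lines, the two flagged PIDs are 2668 (the second GPU process, relaunched with --disable-gpu-sandbox and --use-gl=disabled, the usual fallback on a VM without a usable GPU) and 2924 (the network service with --service-sandbox-type=none). Both come from Edge's own launch logic; neither is evidence of the submitted URL doing anything, which is the point of reading the flags before reading the "Suspicious" labels.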
Network
MITRE ATT&CK Matrix
Downloads

(path not shown in report), 152B
  MD5     537815e7cc5c694912ac0308147852e4
  SHA1    2ccdd9d9dc637db5462fe8119c0df261146c363c
  SHA256  b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
  SHA512  63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

(path not shown in report), 152B
  MD5     8b167567021ccb1a9fdf073fa9112ef0
  SHA1    3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
  SHA256  26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
  SHA512  726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9f629fbd-e2c7-4e5a-8466-eb9e29784c6b.tmp, 5KB
  MD5     d33cc567ac9bf768993d19c404dd0f24
  SHA1    c11061f8dab2d03fa923d8522fe8b4201bcc59f3
  SHA256  46d0f56dcc06a3304663552a495d7561103b32467c3af34322c19e232b706620
  SHA512  d0b99821b866ec9d57d2edfe90e022097ead2d140f0cb9497ee913a3ac88b737f3ef9388743159001024e65695d2d8870b106f4a96e211f95db81e265ee10d82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index, 264B
  MD5     e3ca60c69c7388ede6588b0397d7abf8
  SHA1    4cd7be100a1cf2a7634af3f28c8bfb831a4da1ba
  SHA256  5af1ef50863e902aa01f73978d8137e6bb056f69d82a5da2d9495e295aceb01f
  SHA512  425eda6ae53298995d81b6aedde11fd74ddcd6ef5f23ed618ebee46289862f86fee336fc7ba5cd3d034d9213e415c06f4d17a03adb4f901a81f6377703ab4fbd

(path not shown in report), 2KB
  MD5     d6a46e12609aa962621f3dbc218eb9f8
  SHA1    1a575e7f347f2a0f69c0e7a62c0e255a8cd8a98f
  SHA256  7bd50f3539c6baa58af789454b3384530f7b4567fdae146c603afd5d549d9167
  SHA512  394e99fece51ec587b63fb2fc2f276f34e6f75e6a7470f459bc892dbb35f8f4ccb015dc32f930d90ad2e93a179f028e3ef3c380796c1da84845aa96427894467

(path not shown in report), 7KB
  MD5     ea27c2fb0a6f0661ccefb24c2b73be6e
  SHA1    fd8689db35ec07e4a7ff6964bb0cf3ef54586644
  SHA256  a2d14bdf7f9bf6e034c3732e1f1fe3cadcddd1f286410e0ef459c957f62f3f19
  SHA512  bc84824a5bf828f580e4170d67679f4b686fea2d3559f8ec0620f18afb1a35f73197a90e9c906de3eb4ad80c293a354181a3ac2758b7988f876d381d5494a111

(path not shown in report), 16B
  MD5     6752a1d65b201c13b62ea44016eb221f
  SHA1    58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

(path not shown in report), 10KB
  MD5     0813c951aeae844eeb6910ef32b97b0d
  SHA1    1f3beef12547762030bf57f18c10b921eb405503
  SHA256  d6d3d92b9eb65d44fd621a4b4de375389c0669246b54912d63d25b2ff5b5e0f1
  SHA512  18eca118c79a69c45e624c5ecf3d08e9a3b3580e5fd20d7181abb10bb0f18aa3e5b8fcb44ea95429e108560bab066521582f213dd792a80ee5edd78b7954cbdc
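The dropped-file list is only useful once it is a machine-readable hash set. The script below is an added example, not part of the Triage report. REPORT_DOWNLOADS is the hash text from the Downloads section, kept in the fused form the page export produces ("MD5<hex>" with no separator, one record per line here), so the parser has to cope with both that and the spaced form. The sweep matches on SHA-256 only. The files created in self_check() and the IoC derived from one of them are constructed for the demonstration and are not hashes from the report.

```python
"""Dropped-file hashes from a sandbox report as a sweep list.

Added example, not from the report. REPORT_DOWNLOADS is copied from the
Downloads section (fused 'MD5<hex>' form, one record per line). The temporary
files in self_check() and the synthetic IoC built from one of them are constructed.
"""
import hashlib
import os
import re
import tempfile

REPORT_DOWNLOADS = r"""
Filesize152B MD5537815e7cc5c694912ac0308147852e4 SHA12ccdd9d9dc637db5462fe8119c0df261146c363c SHA256b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f SHA51263969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a
Filesize152B MD58b167567021ccb1a9fdf073fa9112ef0 SHA13baf293fbfaa7c1e7cdacb5f2975737f4ef69898 SHA25626764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 SHA512726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9f629fbd-e2c7-4e5a-8466-eb9e29784c6b.tmp
Filesize5KB MD5d33cc567ac9bf768993d19c404dd0f24 SHA1c11061f8dab2d03fa923d8522fe8b4201bcc59f3 SHA25646d0f56dcc06a3304663552a495d7561103b32467c3af34322c19e232b706620 SHA512d0b99821b866ec9d57d2edfe90e022097ead2d140f0cb9497ee913a3ac88b737f3ef9388743159001024e65695d2d8870b106f4a96e211f95db81e265ee10d82
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize264B MD5e3ca60c69c7388ede6588b0397d7abf8 SHA14cd7be100a1cf2a7634af3f28c8bfb831a4da1ba SHA2565af1ef50863e902aa01f73978d8137e6bb056f69d82a5da2d9495e295aceb01f SHA512425eda6ae53298995d81b6aedde11fd74ddcd6ef5f23ed618ebee46289862f86fee336fc7ba5cd3d034d9213e415c06f4d17a03adb4f901a81f6377703ab4fbd
Filesize2KB MD5d6a46e12609aa962621f3dbc218eb9f8 SHA11a575e7f347f2a0f69c0e7a62c0e255a8cd8a98f SHA2567bd50f3539c6baa58af789454b3384530f7b4567fdae146c603afd5d549d9167 SHA512394e99fece51ec587b63fb2fc2f276f34e6f75e6a7470f459bc892dbb35f8f4ccb015dc32f930d90ad2e93a179f028e3ef3c380796c1da84845aa96427894467
Filesize7KB MD5ea27c2fb0a6f0661ccefb24c2b73be6e SHA1fd8689db35ec07e4a7ff6964bb0cf3ef54586644 SHA256a2d14bdf7f9bf6e034c3732e1f1fe3cadcddd1f286410e0ef459c957f62f3f19 SHA512bc84824a5bf828f580e4170d67679f4b686fea2d3559f8ec0620f18afb1a35f73197a90e9c906de3eb4ad80c293a354181a3ac2758b7988f876d381d5494a111
Filesize16B MD56752a1d65b201c13b62ea44016eb221f SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
Filesize10KB MD50813c951aeae844eeb6910ef32b97b0d SHA11f3beef12547762030bf57f18c10b921eb405503 SHA256d6d3d92b9eb65d44fd621a4b4de375389c0669246b54912d63d25b2ff5b5e0f1 SHA51218eca118c79a69c45e624c5ecf3d08e9a3b3580e5fd20d7181abb10bb0f18aa3e5b8fcb44ea95429e108560bab066521582f213dd792a80ee5edd78b7954cbdc
"""

# One record: optional path line, then size and the four digests in the order the
# report prints them. Fixed hex lengths are what make the fused form unambiguous.
_RECORD = re.compile(
    r"(?:(?P<path>[A-Z]:\\[^\n]+)\n\s*)?"
    r"Filesize\s*(?P<size>\d+)\s*(?P<unit>B|KB|MB)\s*"
    r"MD5\s*(?P<md5>[0-9a-f]{32})\s*"
    r"SHA1\s*(?P<sha1>[0-9a-f]{40})\s*"
    r"SHA256\s*(?P<sha256>[0-9a-f]{64})\s*"
    r"SHA512\s*(?P<sha512>[0-9a-f]{128})",
    re.IGNORECASE,
)
_UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_downloads(text):
    """One dict per dropped file: path (None when the report shows none),
    size_bytes (as displayed; KB values are rounded by the report) and the four
    lowercase hex digests."""
    records = []
    for m in _RECORD.finditer(text):
        r = m.groupdict()
        r["size_bytes"] = int(r.pop("size")) * _UNIT[r.pop("unit").upper()]
        for name in ("md5", "sha1", "sha256", "sha512"):
            r[name] = r[name].lower()
        records.append(r)
    return records


def hash_file(path, chunk=1 << 20):
    """All four digests in a single pass over the file."""
    digests = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {n: d.hexdigest() for n, d in digests.items()}


def sweep(directory, records):
    """Walk a directory and return [(file_path, record)] for files whose SHA-256
    is in the IoC set. Only SHA-256 decides a hit; the weaker digests are kept on
    the record for cross-referencing with other tools."""
    by_sha256 = {r["sha256"]: r for r in records}
    hits = []
    for root, _, names in os.walk(directory):
        for name in sorted(names):
            p = os.path.join(root, name)
            if hash_file(p)["sha256"] in by_sha256:
                hits.append((p, by_sha256[hash_file(p)["sha256"]]))
    return hits


def self_check():
    """End-to-end run on constructed data: a throwaway file is hashed and appended
    to the report's IoCs as a synthetic record; the sweep must hit it and ignore a
    second, unrelated file. Returns (records parsed, hit file names)."""
    records = parse_downloads(REPORT_DOWNLOADS)
    with tempfile.TemporaryDirectory() as d:
        wanted = os.path.join(d, "constructed-ioc.bin")
        with open(wanted, "wb") as f:
            f.write(b"constructed content standing in for a real dropped file\n")
        with open(os.path.join(d, "benign.txt"), "wb") as f:
            f.write(b"unrelated\n")
        synthetic = dict(hash_file(wanted), path=wanted, size_bytes=os.path.getsize(wanted))
        hits = sweep(d, records + [synthetic])
        return len(records), [os.path.basename(p) for p, _ in hits]


if __name__ == "__main__":
    for r in parse_downloads(REPORT_DOWNLOADS):
        print(f'{r["size_bytes"]:>6} B  {r["sha256"]}  {r["path"] or "(path not shown)"}')
    print("self-check:", self_check())
```

The two named records are an Edge profile temp file and a Code Cache index, and the six unnamed ones are small (16 B to 10 KB) profile-sized artifacts; nothing in the list has the size or name of the archive the submitted URL points to, which is the same conclusion the Processes section supports.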