Resubmissions
- 10/06/2024, 06:31  240610-g97hdsdh79  1
- 10/06/2024, 06:24  240610-g6kjfsdh25  1
- 10/06/2024, 06:15  240610-gz7qeadg35  1

Analysis
- max time kernel: 0s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-ja
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-ja, locale:ja-jp, os:windows10-2004-x64, system:windows
- submitted: 10/06/2024, 06:31
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: https://compresspng.com
- Resource: win10v2004-20240426-ja
General
- Target: https://compresspng.com

Malware Config

Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 4844, process msedge.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid 240, process msedge.exe (2 entries)
- Suspicious use of FindShellTrayWindow (17 IoCs)
  pid 240, process msedge.exe (17 entries)
- Suspicious use of SendNotifyMessage (16 IoCs)
  pid 240, process msedge.exe (16 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 240)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://compresspng.com
  Signatures: Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2704)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc75446f8,0x7ffbc7544708,0x7ffbc7544718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2688)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4844)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4240)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1388)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2516)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3884)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3188)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4172)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3784)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2160)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3896)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 776)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4076)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --lang=ja --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1780)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15319605097205134154,8153713553211833820,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 /prefetch:2
- C:\Windows\System32\CompPkgSrv.exe (PID 1652)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4380)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix
Downloads