Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-2004-x64

6

Resubmissions

10/06/2024, 07:13

240610-h12q8aec99 6

10/06/2024, 06:29

240610-g9a47adh73 6

Analysis

  • max time kernel
    0s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/06/2024, 06:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/file/d/1DJewb1_3bQR3RytE-84jom7JCUX91RVh/view?695

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Suspicious use of WriteProcessMemory 44 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1DJewb1_3bQR3RytE-84jom7JCUX91RVh/view?695
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3328
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe875746f8,0x7ffe87574708,0x7ffe87574718
      2⤵
        PID:844
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4229820564039124172,7808727717842859971,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
        2⤵
          PID:2192
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4229820564039124172,7808727717842859971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
          2⤵
            PID:4180
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,4229820564039124172,7808727717842859971,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
            2⤵
              PID:4444
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4229820564039124172,7808727717842859971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
              2⤵
                PID:680
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4229820564039124172,7808727717842859971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
                2⤵
                  PID:4676
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4229820564039124172,7808727717842859971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
                  2⤵
                    PID:2096
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4229820564039124172,7808727717842859971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
                    2⤵
                      PID:1064
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4229820564039124172,7808727717842859971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
                      2⤵
                        PID:748
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4229820564039124172,7808727717842859971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
                        2⤵
                          PID:3720
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4229820564039124172,7808727717842859971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
                          2⤵
                            PID:1892
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4229820564039124172,7808727717842859971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
                            2⤵
                              PID:892
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4229820564039124172,7808727717842859971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
                              2⤵
                                PID:1980
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4229820564039124172,7808727717842859971,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4004 /prefetch:2
                                2⤵
                                  PID:1596
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4592
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:5032

                                  Network

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          4f7152bc5a1a715ef481e37d1c791959

                                          SHA1

                                          c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

                                          SHA256

                                          704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

                                          SHA512

                                          2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          ea98e583ad99df195d29aa066204ab56

                                          SHA1

                                          f89398664af0179641aa0138b337097b617cb2db

                                          SHA256

                                          a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

                                          SHA512

                                          e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                          Filesize

                                          408B

                                          MD5

                                          f92344dfd20e7333d6f40778947db5a7

                                          SHA1

                                          60a43db0a769bc616908920472465b6bc2e774f4

                                          SHA256

                                          ccd4650f5405d1811f21c13f212b7fbb9cc30f1fdc4960b7c3d982ff1c97540c

                                          SHA512

                                          c7818e20a8b63eb810f952b3df2c5810ef4d74a5d0d2c632dfacc1195ba195e5fef70845f1ae812a884f6d41e95308236f3b17b2e156c24075f7b50afa65ffab

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                          Filesize

                                          3KB

                                          MD5

                                          ab266027cf4249a122534582e00630e7

                                          SHA1

                                          9b7b7f20c12eddbe8eb27c45c83f6f1a0fbf6a47

                                          SHA256

                                          ff0bd4d467f4fe29524db8c3eb563d8940790377bb5cc9622995627480e68046

                                          SHA512

                                          802ddc76e31de3cd5c384137526005689d5c33d3b84d1a22172ae85a02d1673c5cd277facef68b5cfb87472fbfec3a4a1badab24a999de77816ade733f4562de

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                          Filesize

                                          3KB

                                          MD5

                                          9293a8dd6c2377cbc592ff3ba1a5796b

                                          SHA1

                                          bddb0ea662a03bad5fc02a3e4c772b696b0619a3

                                          SHA256

                                          e978334520faff442590bc20e929c11c9e9375052c35c83b9b791f677f4e9740

                                          SHA512

                                          881aba266f7aa842607871cad23e951681f20513fc0c6e53adfbd594894a7257e032da1c0d7fd138479903372b541914a4150973d49e096062d74b2ee562a13a

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          5KB

                                          MD5

                                          04e5325786affa9ad7dc478e16ac764a

                                          SHA1

                                          088d63c4cbb2cdd296914dd3281501e6992858cb

                                          SHA256

                                          a17767c91ae8586ceab77342ecec4aa22f7ec0204fb804570e7af8b42ca587ea

                                          SHA512

                                          4450af0a864ee69d2c65ab3a0b0fc3d4ba1c800b4d5f532137e5e68bdb7f3839f2b7fb8ae06fa42f852a54a166db7c587843eb46c0f9dae5a66bf85905f5555a

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          6KB

                                          MD5

                                          c29607c2c6f3ac6a5ea3a466416f8f3c

                                          SHA1

                                          5ccdc945d9ad7349056dc3d2f37e0a5be5c4d5a8

                                          SHA256

                                          4940946c79b69435827598ea6e2ce33a8042cedefbf8a159926eea95c11b57df

                                          SHA512

                                          e310596ba7f5e61e14f94b20da8483d14cf35c8604d352a31d70f823cb9fb14447ff2142569a589433e17d14f1cb5dbba43f8358f6ffff898fbef18981892ce3

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                          Filesize

                                          16B

                                          MD5

                                          6752a1d65b201c13b62ea44016eb221f

                                          SHA1

                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                          SHA256

                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                          SHA512

                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          10KB

                                          MD5

                                          3adbac4f5fa0f25236f0dbc5a7f3ab6b

                                          SHA1

                                          29dfd1acd372366d2bdf335ec818c8efb46474c1

                                          SHA256

                                          a15d090c89811f9309379d13bbfea9a3d988e7fcdfd3fa45035182050e038481

                                          SHA512

                                          94a7140c10c00785fc6666ca438c6b0a422401b6ffdcd6e2490259b9ef4aaa3eee2453dc9dac8ed10423696401060d5bd50f98346a529dac2af59af2e8ea4f2f

                                          Download Submit