Analysis
- max time kernel: 150s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18-06-2024 21:41

Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  Sample: https://cutt.ly/ZepF7YRV?BLN=KmjuBtkNJO
  Resource: win10v2004-20240226-en

General
- Target: https://cutt.ly/ZepF7YRV?BLN=KmjuBtkNJO
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
- Modifies registry class (1 IoC)
  Processes: msedge.exe
  description | ioc | process
  Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{EB1B83F5-5A14-47DA-9871-817680B510D9} | msedge.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: msedge.exe, msedge.exe
  pid | process
  4400 | msedge.exe
  4400 | msedge.exe
  4364 | msedge.exe
  4364 | msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description | pid | process | target process
  PID 4400 wrote to memory of 2980 | 4400 | msedge.exe | msedge.exe (2 entries)
  PID 4400 wrote to memory of 1500 | 4400 | msedge.exe | msedge.exe (51 entries)
  PID 4400 wrote to memory of 3200 | 4400 | msedge.exe | msedge.exe (2 entries)
  PID 4400 wrote to memory of 4060 | 4400 | msedge.exe | msedge.exe (9 entries)
  All 64 entries have the browser process PID 4400 writing into its own child processes (crashpad handler, GPU process, network service and storage service listed in the process tree below), which is normal Edge multi-process startup behavior rather than injection into a foreign process.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1476)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cutt.ly/ZepF7YRV?BLN=KmjuBtkNJO
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2512)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5056 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:648)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5076 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:948)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5416 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:5024)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3968 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4876)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5652 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
- C:\Windows\system32\werfault.exe (PID:3536)
  werfault.exe /h /shared Global\3674fdce78dc4d5d91caefe095fcbd37 /t 4920 /p 3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4400)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2980)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x214,0x25c,0x7ff9732e2e98,0x7ff9732e2ea4,0x7ff9732e2eb0
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1500)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2236 --field-trial-handle=2240,i,1983372671016357313,16224441090696419227,262144 --variations-seed-version /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3200)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2764 --field-trial-handle=2240,i,1983372671016357313,16224441090696419227,262144 --variations-seed-version /prefetch:3
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4060)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3200 --field-trial-handle=2240,i,1983372671016357313,16224441090696419227,262144 --variations-seed-version /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe (PID:4948)
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4388 --field-trial-handle=2240,i,1983372671016357313,16224441090696419227,262144 --variations-seed-version /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe (PID:1600)
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4388 --field-trial-handle=2240,i,1983372671016357313,16224441090696419227,262144 --variations-seed-version /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2572)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2240,i,1983372671016357313,16224441090696419227,262144 --variations-seed-version /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4288)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4568 --field-trial-handle=2240,i,1983372671016357313,16224441090696419227,262144 --variations-seed-version /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1364)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4580 --field-trial-handle=2240,i,1983372671016357313,16224441090696419227,262144 --variations-seed-version /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4364)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4696 --field-trial-handle=2240,i,1983372671016357313,16224441090696419227,262144 --variations-seed-version /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 52KB
  MD5: 04f28d4da7fce386dc15d5fc0738d56e
  SHA1: 40f4f3f45127f42077faae50900eed664df673d2
  SHA256: 76622c6f4602b9039e0822f9ba8f96c503d0b887766b527524d2b50db2e8ff52
  SHA512: 978f6e0946c23b1fb2d5a16d94f98bc8669815ee7ff2596195806697641a681c3e6f7972f4f3df2b4b7c54d1bde030e1be74e9e86eb00f732b0388ccc789e481
- Filesize: 280B
  MD5: a833d74d823775c5fce4fb16221686ff
  SHA1: 18a2bab731a88bda5042b64c523289fb1339431c
  SHA256: 46d3ff80e9c802d57b5a5677863e804ff75ac8297c4e7ffc09bde97284eca8cc
  SHA512: 8835a9cb81d7596ba768aecac930356ffc50ef378246355e74387be139673771b392c693e574d35965af09ed5b1db6576b3470030a149a0d734ac6bd288ea6f4
- Filesize: 2B (these are the well-known digests of the two-byte string "{}", i.e. an empty JSON object)
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- Filesize: 1KB
  MD5: 529d38ea19b0113ef000bb005f04215f
  SHA1: 1a225e79f487cd0f72e945d70d87697cf4e213e0
  SHA256: b8f7b168ae46e0b4b709c00b528da8d8f46157e001298603717cbc5d100ac6f7
  SHA512: 91cef41d5daf6d7e74b32439953cf0520a4c0210ef94d18ccf8aab3f734bc9072a6971bb659d727d35401de1bdfd67ec0d99626be92bea3dc17a99516087bb0b
- Filesize: 2B (these are the well-known digests of the two-byte string "[]", i.e. an empty JSON array)
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize: 40B
  MD5: 20d4b8fa017a12a108c87f540836e250
  SHA1: 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
  SHA256: 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
  SHA512: 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
- Filesize: 11KB
  MD5: 0af340bc743db9101e56eff29937799c
  SHA1: 80dc10b96b53d96b5e621d89ff905eecfe0e3f36
  SHA256: 6d25e13d58e0bee98fcd1c57d1e7e156a4373f1ff1044a14fd790b87d9a42539
  SHA512: 1c2ff446003c7cebbdbc6ea8cd16c3e28a3072ddae605c1a1b2b0900961d58f21c708e6e31e494dc0aa18dc1a2bf5ff9c04f55530532ebbe9f5b073ea80477a5
- Filesize: 30KB
  MD5: 9e5d5003f35c6de6bb315d7f78d20c71
  SHA1: eb1dd57e621a049e470b6303a0997c5ec61c5cbb
  SHA256: fa91806bc42e9e508bc0366ddf77746b0a50f6d7e578a0daccc29122c5d30f93
  SHA512: 93a27ed8bbb53f2866d85ff1192048715eed1864be09818a25d82afa94df34c9a592e6eac3e4371b9212905c0a7eb5e9c4826b03044b279fe8f3f1bc8dc3c024
- Filesize: 61KB
  MD5: 9b63a5ee7c8c602acb066d80bd3eec9c
  SHA1: 309ca02ae8cc083550c3e1491322a82f6d64ee43
  SHA256: bb11d87fc3620776374b6bc2e23d545f05063d3a225df878b493734e58572874
  SHA512: 58e787d84ed65b1c90aca94c69d61401f09b15562826d5853509f26a9367aab6721f00f3fb4cccfd16bc3fd0e7fc5e27850bc9b4c38f377e0509af58b4ea2507
- Filesize: not reported (these are the well-known digests of empty input, i.e. a zero-byte file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e