Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
24/06/2024, 19:10
General
-
Target
https://tracker.teneo.be/click?e946118/Hb3V0c3BvdGNlcnRpZmllZDI0MDYyNCwwRjE2RkRCN0UxNUY0NUI0OSxodHRwczovL3d3dy5vdXRzcG90LnNlL3N2/qP3V0bV9zb3VyY2U9b250ZGVrZGVhbHMmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249b3B0aW4td2VsY29tZS11ay1jLW9udGRla2RlYWxzJnNvdXJjZT1hdG1fY29udGVudA/sbl9b057a20
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tracker.teneo.be/click?e946118/Hb3V0c3BvdGNlcnRpZmllZDI0MDYyNCwwRjE2RkRCN0UxNUY0NUI0OSxodHRwczovL3d3dy5vdXRzcG90LnNlL3N2/qP3V0bV9zb3VyY2U9b250ZGVrZGVhbHMmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249b3B0aW4td2VsY29tZS11ay1jLW9udGRla2RlYWxzJnNvdXJjZT1hdG1fY29udGVudA/sbl9b057a201⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe706746f8,0x7ffe70674708,0x7ffe706747182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16294616658699180368,16065749314539706743,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5504 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
328B
MD5578aaf8d5f1a1e82743284f41a512f8a
SHA1b46886a352810c323908e57ce6ddd5c89606a0f9
SHA2565a4837a953dc3113795f3b645b8a5b826a66fd105805cc363c56fbed8a7c0cec
SHA5122d022a091b67cb03dad1e19e48089cea5795405cb4e914b06fc33eeebd6017c75c9b81fa1753e6cc73799852c196ee896bf60313667b8e19d6c5abcecb8e8a83
-
Filesize
152B
MD581e892ca5c5683efdf9135fe0f2adb15
SHA139159b30226d98a465ece1da28dc87088b20ecad
SHA256830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0
-
Filesize
152B
MD556067634f68231081c4bd5bdbfcc202f
SHA15582776da6ffc75bb0973840fc3d15598bc09eb1
SHA2568c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784
-
Filesize
204KB
MD5081c4aa5292d279891a28a6520fdc047
SHA1c3dbb6c15f3555487c7b327f4f62235ddb568b84
SHA25612cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f
SHA5129a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69
-
Filesize
432B
MD50db479ba7ebab260a4752077f12636f9
SHA1bc84d6e97b23859d0aaf9ff387acba53031bccdf
SHA2566e60822132270ad9e52ccf54e03e034a191e042ba78e0f996356399db6cf660f
SHA512beb7a9c4f00cc9c2234eb3422a99b62f6eb6b57f95df5ae436a6eb967d4ade8d79c871046b47cdec1b7a6c8e59b878eadb9b36c84483ee267c9abff99d10a49a
-
Filesize
2KB
MD5ac113bdf370b8cf84248afb8171a6fc5
SHA1643f6208b36fbbc3536cda7660996ab687fc0c4e
SHA256c46af8ff46a4172b7932f234666d3d3992a0fd9f9cb2bb22325f98eba2c19c02
SHA51201b6e2c9cb5850bdba972c361f1e28c8fb6c13cfd4fa65155200a40d82886c0fbd7549b2b28ca7369eed6ff2ce8ca0ae494a774a34e944ba00de262d4f51805b
-
Filesize
5KB
MD581f216b0909c5e1172f7f86e06f02fe1
SHA15c0b97df7a4f51ab1ffa17f39ef3b42bee8c9596
SHA256bd10bd6108dfa26cc23922f0e9c11277d69e35cd680a44ce2c301bab52b60dcd
SHA51217f3a628c52e136207757997312a37e640fb8e4dfceff95a825c856221afeea069d1651cafb2c6ad3ef70451f10df827a8a81ae218d511d6ca9cd7109ab46343
-
Filesize
7KB
MD5246a84e507a5d54b15714c1461915abd
SHA1fcf18250df4fa399e497e9631d9c447ec27d26db
SHA2567caa233b821db46aea10d31bc964369c2c20fd94ebf1a524e10a52d815d22007
SHA512dab09e36555be5169e71f163b6e2a58cf41c01f6e09e83df42bdcdda33921630302fc5f6f64443ba912fe02e3a51bc41a1d7a82edfc6837878bdee08a541bf8e
-
Filesize
240B
MD539f20a0e63bf3072b1c5ef30594db32d
SHA1490220a75b3d8dd5ead2658dd80c2b3b7ed730e6
SHA256a9631e89a58a85625c9aa7773606febb1d2799fd736120cb6d00805e2eb79d6f
SHA512ba7756214b2cc3aa8641ab874b015303d8769b74048bc208f8f1f5f7b751c33e4db5c182ac4ac2b7753882992db9aad54b02ea5602a7f642bfbca012d41d590e
-
Filesize
48B
MD5bdf1357b6dd6b6f249835c34c985ce3a
SHA19b3beb3399320cfe4a153370cff01b25a204aa7e
SHA25696383a9c123ba38a11a9c1651c0340620114c11e75c0db1f1f31d1c942d4b11c
SHA5128a309be51786c53e8fc86c70543fc754dc581014cc43b94ee06a0a5205bf7468d113ac826c97458609d32454d71fd11be016001c89ab8c27047d6e11d2941f62
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5e41f9416ca7d9f916a4c9fd3804c8b50
SHA1a24967e3666543ef629e420b88ce6970ad200897
SHA25607facd4b9eb46c37518ddd6634336af707c524d574432a03055ea8da00b0eaee
SHA512a8cf00a751764ae0f1b0731f113bdca8cdaea8342a6e1dbf628bf0c445a169253ef6931c10528dcbb0a598f4375644d68a76b462b2d5489feb17a9505aa6279f