Analysis
-
max time kernel
454s -
max time network
458s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
-
submitted
04-07-2024 04:15
General
-
Target
https://www.officialkmspico.com/
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.officialkmspico.com/1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda2193cb8,0x7ffda2193cc8,0x7ffda2193cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,6292979746074101433,10718666206531289495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD564f055a833e60505264595e7edbf62f6
SHA1dad32ce325006c1d094b7c07550aca28a8dac890
SHA2567172dc46924936b8dcee2d0c39535d098c2dbf510402c5bbb269399aed4d4c99
SHA51286644776207d0904bc3293b4fec2fa724b8b3c9c3086cd0ef2696027ab3d840a8049b6bde3464c209e57ffa83cbc3df6115500fbe36a9acb222830c1aac4dc7a
-
Filesize
152B
MD5a74887034b3a720c50e557d5b1c790bf
SHA1fb245478258648a65aa189b967590eef6fb167be
SHA256f25b27187fad2b82ac76fae98dfdddc1c04f4e8370d112d45c1dd17a8908c250
SHA512888c3fceb1a28a41c5449f5237ca27c7cbd057ce407f1542973478a31aa84ce9b77943130ca37551c31fa7cd737b9195b7374f886a969b39148a531530a91af3
-
Filesize
480B
MD5b45c5856862a53eedaec7d78e0712d92
SHA199dcb38f8876d1dfd82f74a8a7258d44b618e202
SHA256a18b423f6991d5986a0bdc36139e558abc0cbfef1cc0513f40e54cde40d94612
SHA512db894ed0a3eb5ff37056caff7bc9f9cb102b164894db278c121f5e845c5fcdc8c76a3ae7789700b9e9c2ad06af06fa8d25d38b520d7fdc539d7d9bf3604d0bb3
-
Filesize
1KB
MD5128a432c3e931d8c277b528629012ac4
SHA171f286c7083364ff9098e1c431a80d3068452706
SHA25699925b7cf50821914fd3c02061345d8d958b00799194b9df6d1660342d92ba02
SHA5124c8517316063b576f8198248cf61d99fbb5295efac44480fed635131b3ac161757beb51a68023b77a50218e0ac6e37a3f2b0de9d05fc7f3e589db3caf5679552
-
Filesize
5KB
MD56c9fafbb9fb53e4f16245a5a5127876d
SHA1a01834e10d0c5165f7abf8c65693a066664666cd
SHA2561d54dd5fcda1fd597cf3c7df5df566546963aecb011e517ef2f777a6bbcebfd2
SHA5127d4b1d6cc35de1bfc4722f9e5452f4f7797aee48c89224b66669e58e7ff2f7c6de56fdbb035ee860e058ecb80a8fbd161a487a7195fc2a9afd0580cf7930c151
-
Filesize
6KB
MD5a95a33c80d928c6b0d543827c1b2991a
SHA18f5b79d262cc72a0d98e5c6cee507450e45774db
SHA256f8a9008e2e02db8f13bb02a1e06a02e53e866401407c4929bab64dd0d7e78098
SHA512d691984dd8ef08e5a68b218926c62065f7c3eef111821a251e2baab3a82e45fc1be655286c78ff9d81143344295814514ffa08cfb95454dd174bf131e98fa43b
-
Filesize
7KB
MD563c2b509f3ea04fb4e4d947eeca3eea8
SHA14d3cb086bd9ead452234e20696f8afdf3e532117
SHA25614ff05bbd0e2585c4d95146115887d5d97cbe9efd5bc3a06764396da7991770a
SHA512cbc6bd5e5ec48e2a76e71e7d5a34e75e831c88f8391312e13e9f59595c54deb175f14b5293dfb3173cd6e47894a7f353cd44a92bd647692dcf03d5b26cc61097
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5e31be8eca304244820830c65048ac984
SHA1b98c1367f1b8a1c80badac8643fa7b05e2f60172
SHA25601e48cac231d59443162286664090be6abf379d6bf29d8390afd99bd56c6a807
SHA51225b113a4ec2a88c3b88ba235859a2d4e78a45711daa6955faac1b024d58d79df720eedc4888da8797085529a9a08a60cd14fa095a2ad5e750b860cb2d7594b59
-
Filesize
12KB
MD5dab0141f3094da4adfa1d004bcfdeb14
SHA1fdfd3b52dfeb266247bca213a87c9f7847c06a82
SHA256229868e4404acc4defba8fbf110b3011a4bf3c89ee47ea1321a0c69e331a380b
SHA51294ee948769b50b463a5c805343ab566b2e596ec638d1d55bf75cb0c2e2b25e37caf191f7e3ed3e5d6937aa2c9ac6a86be958c5ecd879b229ccf6ec24b6c3d379
-
Filesize
11KB
MD51d601c693f3b736907c4108bc9cdd369
SHA1ef20e29128f3b13fe7785fc64d1626a6226a893a
SHA256acbf0480d669cded0ca723f043c068008cf74961d1923f629d7c9a87dfe8a95b
SHA5125c71c2e31a5bca426ce4497b8e3207090d395439483961743806c9b8d773922e5a8278a55d15aba2eda91b04270a5b4aca1d9088ba73c7c646d306620917f55b