hxxps://www[.]mediafire[.]com/file_premium/l6gboc09hkc93od/Vega_X[.]apk/file

Analysis

max time kernel
4s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file_premium/l6gboc09hkc93od/Vega_X.apk/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 4244	3968	msedge.exe	82
PID 3968 wrote to memory of 4244	3968	msedge.exe	82
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2412	3968	msedge.exe	85
PID 3968 wrote to memory of 2276	3968	msedge.exe	86
PID 3968 wrote to memory of 2276	3968	msedge.exe	86
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87
PID 3968 wrote to memory of 2000	3968	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file_premium/l6gboc09hkc93od/Vega_X.apk/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd886346f8,0x7ffd88634708,0x7ffd88634718
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6508108405277562289,14597876083659294029,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6508108405277562289,14597876083659294029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,6508108405277562289,14597876083659294029,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6508108405277562289,14597876083659294029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6508108405277562289,14597876083659294029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6508108405277562289,14597876083659294029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6508108405277562289,14597876083659294029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6508108405277562289,14597876083659294029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,6508108405277562289,14597876083659294029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6508108405277562289,14597876083659294029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,6508108405277562289,14597876083659294029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,6508108405277562289,14597876083659294029,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3824 /prefetch:2
  2⤵
  PID:3032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c78617ec8f88da19254f9ff03312175

SHA1
344e9fed9434d924d1c9f05351259cbc21e434d3

SHA256
3cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed

SHA512
5b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
09c7ae658385f6de986103443217840b

SHA1
298d880503edce4413337c09d3525f27a2edcd28

SHA256
91e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7

SHA512
4e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
82fa9c0bb9d17d5ef9fbf525b464a03b

SHA1
17fcc30357fb883e53c9b989c7f559151e1ccfcf

SHA256
25c725131943d3a879312362ba897fc85421584f01a274b4218f011deaabf69e

SHA512
6326c3dd7b2d58b5388a330c5f9a16d8fb26210ac69399775832f5d2339a769d4104e159b12c9d71b8eb9a9484868e63f2815cdd5b794f70dd288d8aac6f27bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
56eebe844a6a80134b6ca255a3f1aba4

SHA1
ae948d6c3552cdc7cf4d292c570bc3d7871669ff

SHA256
b044812f40a47da4d3bcae0267b0705f54ac22c67cee85d894b89a0fe98baede

SHA512
a4b8baf7341ee055e9483f72649e0fd328c19e56bb20a4cd31e3ea6f2c058a4389406b15bc859ad4e3c7aba60a7376944f8a630e41c55fcbc95779da919e17cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
229b191cbf6b1b4c5fabf62c76891b9d

SHA1
7cb1867673e9b012c96eef533908cd3b8e764480

SHA256
279792c371bae31545226a91b96fcdf86e817f18572da6a36baa3701db99ef57

SHA512
fafd5e1cf1f73a1d42c252468e167bd622d6b14ff5f384d3098f2f309bc0f7d4f233c0167d8df1e155760d5073f4dae17871f118c340360252d4437eeb958883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a7c07ad34d6d6612a5c0f951926b4028

SHA1
893a295a730bb77a8d147ef80f55ac2f29a9cd62

SHA256
406ae665f2be02c7c1ec89d7dca1c342b0bf0de22d17c417d20eda3e6147c85d

SHA512
39b25547ac42b5f98477736933ed11ad16bfe793b5eb5971abe5ae3526e9c288f58574262bbdf2aeaa3ea6d9a0996a394d5fa97a851e8be2f51c900ec71f2ff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cb2fc97c84c078b0e3136679b27e5aaa

SHA1
ef65f8b085fd0db79bec4131dbc38c851b9b485e

SHA256
f30f4589328a6d1c5d6e3fa9d2a209fa32b177c65691ac41a5778f996e3bb994

SHA512
6980e189f69fd7400679805cfeee71a47fad31344e2d5518e5aa4f3bd605870f3ec1cf3a8a190774a2eff60814558e26bb05ff5086cc6e68b82cfc5090cf40c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d5e2b06a8ab29a27f45d1e61b4ec968d

SHA1
1167d7f0e0c2c6e0f9b47aa911b79e037c2de3a6

SHA256
97643da22cbbc594f0fc3934586b68ea9a4f7e5010371bd4c6f6804cd22759b5

SHA512
a4f20403fc03158b208b536769d56f04f3808632af4a1f0ce247076e9eb76afcfac8512229d5d64e7e2ac4070bb086f644f8b6a100cbb08e4f0d12ae9546a685

Download Submit