Overview

overview

1

Static

static

1

URLScan

urlscan

https://github.com

windows10-2004-x64

1

Resubmissions

09-09-2024 19:47

240909-yhlkaawgqp 3

16-08-2024 15:24

240816-stchvswbkk 3

19-07-2024 09:10

240719-k46wfswhja 1

19-07-2024 09:10

240719-k41z7stalq 1

09-07-2024 04:19

240709-exzwnswbnr 8

08-07-2024 07:13

240708-h2an5azgkg 6

07-07-2024 10:00

240707-l1l8ba1gqb 10

07-07-2024 09:59

240707-l1e41a1gpc 1

06-07-2024 07:41

240706-jjdhqstcpg 4

06-07-2024 06:14

240706-gzq3na1blh 1

Analysis

  • max time kernel
    244s
  • max time network
    258s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-07-2024 09:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4548
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8847646f8,0x7ff884764708,0x7ff884764718
      2⤵
        PID:692
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18360638423735958325,17636690833237779305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        2⤵
          PID:1748
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,18360638423735958325,17636690833237779305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4184
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,18360638423735958325,17636690833237779305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
          2⤵
            PID:1884
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18360638423735958325,17636690833237779305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
            2⤵
              PID:5084
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18360638423735958325,17636690833237779305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
              2⤵
                PID:5028
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,18360638423735958325,17636690833237779305,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4088 /prefetch:8
                2⤵
                  PID:3740
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18360638423735958325,17636690833237779305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
                  2⤵
                    PID:2556
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18360638423735958325,17636690833237779305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
                    2⤵
                      PID:4064
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18360638423735958325,17636690833237779305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
                      2⤵
                        PID:744
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,18360638423735958325,17636690833237779305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3708
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18360638423735958325,17636690833237779305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                        2⤵
                          PID:2996
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,18360638423735958325,17636690833237779305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
                          2⤵
                            PID:4924
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,18360638423735958325,17636690833237779305,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3188
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3828
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1204

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              fbc957a83b42f65c351e04ce810c1c11

                              SHA1

                              78dcdf88beec5a9c112c145f239aefb1203d55ad

                              SHA256

                              7bb59b74f42792a15762a77ca69f52bf5cc4506261a67f78cd673a2d398e6128

                              SHA512

                              efad54eb0bd521c30bc4a96b9d4cb474c4ca42b4c108e08983a60c880817f61bc19d97538cc09a54b2db95ab9c8996f790672e19fb3851a5d93f174acdfac0ce

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              5b6ff6669a863812dff3a9e76cb311e4

                              SHA1

                              355f7587ad1759634a95ae191b48b8dbaa2f1631

                              SHA256

                              c7fb7eea8bea4488bd4605df51aa560c0e1b11660e9228863eb4ad1be0a07906

                              SHA512

                              d153b1412fadda28c0582984e135b819ba330e01d3299bb4887062ffd6d3303da4f2c4b64a3de277773f4756da361e7bc5885c226ae2a5cfdd16ee60512e2e5e

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              1KB

                              MD5

                              030c02f4e7a0696a0727086acfecdebb

                              SHA1

                              cf4b0ccba92bfc7c818b2c956a40eda3c3c315da

                              SHA256

                              00eade56f91384e26f4ddcac89abb3cf1d6982904cefa497b8bfd04c528b8ff0

                              SHA512

                              77fc73337939f169663ea73ac70cfcef07816c2cdfc8eab4d1e4d88609d201c94d3f42985f649ae46149be01351fdbeba1f091ddf3232f58f2e0a7f0e8d24789

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              111B

                              MD5

                              807419ca9a4734feaf8d8563a003b048

                              SHA1

                              a723c7d60a65886ffa068711f1e900ccc85922a6

                              SHA256

                              aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                              SHA512

                              f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              409B

                              MD5

                              6e287ac179bf8bb706f1e0608a4687f9

                              SHA1

                              b04bac26aa1ae478cd1a6a4f9b0c88f812069bec

                              SHA256

                              71d1c04be2bafcfb05a979c598011c53aded92669381c7736324a35bb7d5dd49

                              SHA512

                              037753fed9087ffd2fef9e293372935c2785b7c2a89c8dca01d672e2065a40c053cbdcfa6162f00e0e41b188ff98e8dc56669dba8a2a2250043b20c75e872523

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              237a5fa5164a865be5e3633af2399d18

                              SHA1

                              274758e9d106230c0906d4387d8c1b45d9431b5c

                              SHA256

                              dc8c1ce2c12392c57cbaed4fd1c8a40b4f57757dca6d66d82d085c4e9a0d73a8

                              SHA512

                              02d5b3ebbcca09c7ea6138d2b8a5a699c74907261f05109766d3c8d3bf8ab315f4534f28f374898558ea525793905ae378a978b03e804ecd13ca404fd2f10ed1

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              e331eeeab50b6ed31fb0a0461f3dae6c

                              SHA1

                              9900457775f401af4f8266b15eac9fc7485259cf

                              SHA256

                              3dd96ceff5c1480ed1f0b2bec8c4697db603475bdb4c5ab6d792b3127ccf64d8

                              SHA512

                              0bcfebe150223393bac5b632289b7f5982e3df8c55860495a758b4a9edbfcf2d5cad2ab97deb7f51891fa5972def7a999de919162a15a30396d0008999c99293

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              78467c05623dc7772aa3b87ba028f708

                              SHA1

                              997a92c59fb371de02573d5b819914e9028946e9

                              SHA256

                              9d6aa99366ee564d0fbc311e727aa952ad0320d5732c0e372d324827145b9105

                              SHA512

                              7bbb568df5a1fa390159aad41fb37e580c128b28115a46466778fac7f55216700f9a6cb72c6a75d275215f81584bd0839104b45586e75e6869d4ccefc6cd8b6c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              706B

                              MD5

                              05719ee6b292007b9dcd0746cac59b85

                              SHA1

                              41507ee1c3a7ad9212fb910397b87e5141568ffa

                              SHA256

                              f61923a40980e4f68388652bce2da1835ba71f9dbde3e4549d53c9c2549f0654

                              SHA512

                              e4e14bbdf5fb9c78ec5dcf9f712f1ba9cf44018edf5bf87d5470a9355d13ed8b74d9ae88dedb3c7461d89a741b2ab5e11610425fa78493d48531d24f087f0b49

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5859c3.TMP
                              Filesize

                              535B

                              MD5

                              8136f8667d0da6cf082b30e6352ccb27

                              SHA1

                              1e1fcadcd9c03bb57260365b3208b2193adb93d4

                              SHA256

                              199159a5efd1acfdae0145b47e583202e6b2a508008c05645a7e804d634be704

                              SHA512

                              632f8170780f72f4421c060c89914447367c84fad7882c61aeb1ac5ae2de92d80a9940f6d072214f4d81356b388bc1b8025799f63785ca4e0565ae5b6b178d2b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              11KB

                              MD5

                              df3e25970b84fef4b208f084aa0e3828

                              SHA1

                              0be3793f87125b07237c116693e8f31b40d1730b

                              SHA256

                              312af91609e3df388ed4732cfb2062e8a23f8cbc938a56107a482bb3364f71f9

                              SHA512

                              edaa1ec6bf40008596abd015904ab7721cd270fa6b296e4e6ab157ec54d67173ef888a479c22e65cfd67bc5cc9e1d4d4ad1912c81b2ec3339dba594a4e70cf0b

                              Download Submit

                            • \??\pipe\LOCAL\crashpad_4548_FEGNNTIBAEQWKPCN
                              MD5

                              d41d8cd98f00b204e9800998ecf8427e

                              SHA1

                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                              SHA256

                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                              SHA512

                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                              Download Submit