Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://Automotion.com

windows10-2004-x64

1

Analysis

  • max time kernel
    192s
  • max time network
    205s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/07/2024, 14:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    http://Automotion.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Automotion.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3456
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8ffb46f8,0x7fff8ffb4708,0x7fff8ffb4718
      2⤵
        PID:3992
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
        2⤵
          PID:4836
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3788
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
          2⤵
            PID:5012
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
            2⤵
              PID:1468
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
              2⤵
                PID:5104
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
                2⤵
                  PID:1572
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3528 /prefetch:8
                  2⤵
                    PID:2352
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4192 /prefetch:8
                    2⤵
                      PID:4476
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4192 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4032
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
                      2⤵
                        PID:2364
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
                        2⤵
                          PID:1740
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
                          2⤵
                            PID:1920
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
                            2⤵
                              PID:2096
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,7379894200947574210,16850891743809947802,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4336
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4540
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4404

                              Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3f54ed9c-fc65-41b5-8e24-9ab4b8100d62.tmp
                                      Filesize

                                      11KB

                                      MD5

                                      619402c1a8b67841bbf3a48e3acd2045

                                      SHA1

                                      0606abb053b516191695abd8f445c0e4206355fc

                                      SHA256

                                      de99be80ffb93933080198242081e87f073d40f99be5f9eb7feea2b567958c19

                                      SHA512

                                      d6275a6db9c76e0c9192ba2aaa408edc9201b566ecda68ebdc6d3dfe4811d7ff49f559f462057293bdf45a2cf297305e1b977177886a595832ba424624246224

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      eaaad45aced1889a90a8aa4c39f92659

                                      SHA1

                                      5c0130d9e8d1a64c97924090d9a5258b8a31b83c

                                      SHA256

                                      5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

                                      SHA512

                                      0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      3ee50fb26a9d3f096c47ff8696c24321

                                      SHA1

                                      a8c83e798d2a8b31fec0820560525e80dfa4fe66

                                      SHA256

                                      d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

                                      SHA512

                                      479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
                                      Filesize

                                      1024KB

                                      MD5

                                      ae53467f9a05d57c4f21f234f9f4981c

                                      SHA1

                                      4e720fa827817683538a5cb4eef1136a6c193096

                                      SHA256

                                      6cf89ddec6c15c4f462844501ba61cc1e11d1653486626ff94a1e48cee93131e

                                      SHA512

                                      64648bb857fee11a97a16d01ac4361bc3334dd3a3e6ead9d6dd9c0c01d2e19180d4fc66a70eddadc9e7e113f89c08845d8c71db8917f7f674db4b722768b6e03

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      240B

                                      MD5

                                      9532e1635b33053bdce74753348569e6

                                      SHA1

                                      ea8fe1d9ac2b1a07613a57462ef838c834013830

                                      SHA256

                                      b948e8def64c574d0a2027411f7ddd3e63f18726dfd1dc25814e67945e23eb5a

                                      SHA512

                                      923885fee952d533e371caa6338acbadda6e7e0743c4c3f9bdcacb1c081cd4c9034471124730e695d98e062acb7554760fd92d05dacfa26d609dd41f352d472d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      999B

                                      MD5

                                      9280d13ba170ceba7dca5d5d078ff567

                                      SHA1

                                      b783f0a49f6c161e683acb9673b3ea74df4571de

                                      SHA256

                                      abd7ed9db336dfdcc909e94340ea7cc83c5a0a398245b8b1447df8ce2a414ec2

                                      SHA512

                                      167f0d555b5ee210ed207d14ba695474beca07ca3ba1823590c58d1dfb76847cc7ddfc4608eb4865213c00e9d0d6e90a4afcdb63dea643b00adb9f0031866139

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      800ee5ca5756a5e3a64d19dd6145de11

                                      SHA1

                                      313a8e4ad1e2697a2e5606243249705c25712d4a

                                      SHA256

                                      08a141a6f077aad1b00caf67e1cc6aab32ddc47416bb607e35ad852b69c94642

                                      SHA512

                                      a18a2731f9d1250930a2a48e2d69e39f6573dc94ddf56693934d8af64d01d755538ccb30cacb713f5894db9ae63854d9ea21e61e93b18b38e35cc3de9c7a9e45

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      782a5ac356678c161e41de9d06911232

                                      SHA1

                                      0cf33ab55a93cd52cd0625f5890ed715399127e5

                                      SHA256

                                      7b40cc53af5c5adf88fcc20500b721cde9501218d7b7ccaa8b53ed018e4ba9e6

                                      SHA512

                                      d9ee14b36316aed668599102db30095c14455e8a5fef64578f905fe9344714654f9a1e2a6906408cf4fca5a68add87a80d9ed831117a5d8d96d2857f72d1695d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit