Analysis
-
max time kernel
71s -
max time network
71s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
12-07-2024 17:53
General
-
Target
https://thepatternprod.page.link?link=https://the-pattern-prod.firebaseapp.com/__/auth/action?apiKey%3DAIzaSyC9irzxZxxtfxH7FXs4dHJx7vTaj5Vb6R0%26mode%3DsignIn%26oobCode%3DlrJsst0QNUuV4yV18aVUVVFQ7P3sV4AoFc_zyuepbW8AAAGQoTh0rw%26continueUrl%3Dhttps://applinks-dev.thepattern.com/%26lang%3Den&ibi=com.thepattern.thepattern&ifl=https://the-pattern-prod.firebaseapp.com/__/auth/action?apiKey%3DAIzaSyC9irzxZxxtfxH7FXs4dHJx7vTaj5Vb6R0%26mode%3DsignIn%26oobCode%3DlrJsst0QNUuV4yV18aVUVVFQ7P3sV4AoFc_zyuepbW8AAAGQoTh0rw%26continueUrl%3Dhttps://applinks-dev.thepattern.com/%26lang%3Den
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://thepatternprod.page.link?link=https://the-pattern-prod.firebaseapp.com/__/auth/action?apiKey%3DAIzaSyC9irzxZxxtfxH7FXs4dHJx7vTaj5Vb6R0%26mode%3DsignIn%26oobCode%3DlrJsst0QNUuV4yV18aVUVVFQ7P3sV4AoFc_zyuepbW8AAAGQoTh0rw%26continueUrl%3Dhttps://applinks-dev.thepattern.com/%26lang%3Den&ibi=com.thepattern.thepattern&ifl=https://the-pattern-prod.firebaseapp.com/__/auth/action?apiKey%3DAIzaSyC9irzxZxxtfxH7FXs4dHJx7vTaj5Vb6R0%26mode%3DsignIn%26oobCode%3DlrJsst0QNUuV4yV18aVUVVFQ7P3sV4AoFc_zyuepbW8AAAGQoTh0rw%26continueUrl%3Dhttps://applinks-dev.thepattern.com/%26lang%3Den1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa672746f8,0x7ffa67274708,0x7ffa672747182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2272,14165702410830010874,14630166377695867369,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD52f842025e22e522658c640cfc7edc529
SHA14c2b24b02709acdd159f1b9bbeb396e52af27033
SHA2561191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e
SHA5126e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05
-
Filesize
152B
MD554aadd2d8ec66e446f1edb466b99ba8d
SHA1a94f02b035dc918d8d9a46e6886413f15be5bff0
SHA2561971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e
SHA5127e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994
-
Filesize
20KB
MD5bc3dcbabd519f5ae551ef0e6fb37d738
SHA19cc3e66cce916d82359f16282eca1583b0550de3
SHA2565a57fd6330729673a53f1e56a61061f20e0c9cd7703ce4d21e647795e840d027
SHA512fb89edb0f7370ff13e13150112190d58e3c621310ff57f111a02fe514ce7f3262c03b7879b23bde6bb4ab62aa09c318613de2d117ee0541092a1b6e0efbc1f02
-
Filesize
1KB
MD5e782f4391258b37f14ee744c9c6d9262
SHA1d30f1300347f620487e77bffe11060bc69db7753
SHA256457d43cab86b2498cdd8d8012c2968a176c220b4f8540369aada46d3382c2d30
SHA512e5286b4cd6fa2d35f15f5e559a2a794b8940a04bca1007b8114b8576043d300e645388c2775e77babd859e11a7edffbec1516896c9105cdf30a1c3224d23c669
-
Filesize
2KB
MD531d34a10e69b5ced64905d23f9fcc125
SHA147a978b4482a6aa1c13c64ac13b959995c535409
SHA256703fef06907c07c201978088f216ffc794fae140185ec4696ac693effe5e53ea
SHA512c99a0510898aac1a172e49f5371b2bcf7b81f9f28e64c3a2c56a64906e47837c76e468dda5ed64b8317da90ad9012014d08423edf3b6414a88ab90972161ecdf
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD5a5cd3092a4ecc8119a20c0775d6878ad
SHA169bb1c7c3ec2d753de2cffed6b3bfd769e42a282
SHA256073ea47c02348279575259b36438fa350399dc8d52a5f2ef50aba2ffdd1477b4
SHA512fb499793151aed4b3702685424fbeead13a12ab29d2103613ce43450a9a2781acdf6ab806ddcfba53970623939e2b046a2cd91064beb8c6e3d506a89bd2c6028
-
Filesize
6KB
MD55c6edd49d3aa49537a21b61faade2bdd
SHA18ed1edd4975d23d25315d99d815b11a0e1078a1a
SHA2565cd151192f4bef71c615477dc689daf77eab67bc4d29734c8d508072fd223e33
SHA512b21cd01b28fed144f0f4af1906e2c53fb147d1175e3c5767d82b6ce5217eaed273af14b58d841a981ecc6fbdd7c2552634566c9588eb828626db1a15a356d73a
-
Filesize
7KB
MD51ff89581bde50aa0571672d84675711d
SHA1047cfb13922880c43865ee30ebcf2fb16502a283
SHA2563cfc97c88c3c4139bbf80e1e0adf6a7e4628d0ebfca3d37a96e69b9f7b35af49
SHA512ae4285a5fc45a8278ac05b3d8c84efaab14e841027f174f0f8b16a1b0cd4402f904ae9fd5e0a0cef4849a4f8a0f9c1023152a2b9e9724ea5e18fcf7912eb5379
-
Filesize
873B
MD50db9a79b658acd68f10f5495a4a1730e
SHA1e3267e41d6da53a69555156cf42b8a40b5acf02f
SHA256ce2146cc08912930d79909ce0091d246f54437ae165bf2e20488c83bdf903933
SHA51212e8be14dde7e6f82963b7e959851fe890fb74c331863ff1a063bf032e8221afc53da0f4b6dfaa1d781f17d48747ee7db6d31b4e3f2690ae782bcfbf6b12ad49
-
Filesize
539B
MD5c559bdba1fd6c2cdbc24c305b4e5f987
SHA163c57aa64bab6e33eb80c65c292e832196436422
SHA25603d79922b257e6ed8bcc1b0c73af1faedad8935629771ea0a22b3b646028354c
SHA512e17dcf42ce1766b4d9e375697b372942a4b0d35cc511c681e6e574254e29b3f45a4ea7f7816a5c619294a509c67c6c0c8207f4f3b658796224abfb02990ccf37
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5bd62a607dfef352849ad7878e251e442
SHA1eb185d0f756833fcccfe8ae7828d6ef5c551a8c4
SHA256287bbaf6d5327ae0c8579203c67cd48aeb9789175c4b24112c4a8e59ce44336b
SHA51205be38b6b0847832c15ff4edd54e757f21f03ff77dd88c282c09ef275a561794ad0651302379690ed9b322353e7e934d38e043005a4f82eaaa2b9d39df585f6e
-
Filesize
11KB
MD5d1c6aeb50cb3bf672fc9e08f7655122b
SHA1ddb8a7c62a050a2a691bda6748f9dc702d7a5d3d
SHA256b8646b9e302d77b74e2bb1a43e567b83ddf0ede04cfa03eb53b500ba60891ea2
SHA512d9415c50fb328d2bbe5bc5059db3c759a77f0afeee745172a1e77025bcdf8690c5712c21cb6197f67f99e369a8573a580c20a4bc495ae4dbd30d1f503544cc6d