Analysis
-
max time kernel
115s -
max time network
114s -
platform
windows11-21h2_x64 -
resource
win11-20240709-en -
resource tags
-
submitted
15/07/2024, 15:29
General
-
Target
https://pdfsimpli.com/?account=644-124-8743&utm_source=bing&utm_medium=sem&utm_campaign=398113348&utm_term=copy%20and%20paste%20from%20pdf&network=o&device=c&adposition=&adgroupid=1137995231440321&placement=&location=109022&msclkid=8e59f0095b3a1ece117a969c6de08c0e&utm_content=Copy
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pdfsimpli.com/?account=644-124-8743&utm_source=bing&utm_medium=sem&utm_campaign=398113348&utm_term=copy%20and%20paste%20from%20pdf&network=o&device=c&adposition=&adgroupid=1137995231440321&placement=&location=109022&msclkid=8e59f0095b3a1ece117a969c6de08c0e&utm_content=Copy1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffbe643cb8,0x7fffbe643cc8,0x7fffbe643cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1180 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4520 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,15838328498409149937,5681559696744347036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD5ee61095ec660e7ac0eade0d244072d7f
SHA177e6df723a03a42a47e9e5d156615cd9bd34dfd1
SHA25668c1ec0673522352d4932e797c00d80856e012be40a43fb12204d9a2f284a2ee
SHA512b13539be80683fe8313ea4de6f0de2cd02e839127c2c212cfd586f9097022d7a1e39768e35e8a62bb27447ed8480def786c2c1452ac94d67a56a7d2a6a701788
-
Filesize
152B
MD5c1ff2a88b65e524450bf7c721960d7db
SHA1382c798fcd7782c424d93262d79e625fcb5f84aa
SHA2562d12365f3666f6e398456f0c441317bc8ad3e7b089feacc14756e2ae87379409
SHA512f19c08edf1416435a7628064d85f89c643c248d0979ece629b882f600956f0d8cd93efbe253fa3ec61ad205233a8804807600f845e53e5ed8949290b80fe42d3
-
Filesize
152B
MD5562b59fd3a3527ef4e850775b15d0836
SHA1ffd14d901f78138fc2eece97c5e258b251bc6752
SHA2560a64863cb40f9d3b13a7b768b62e8b4707dfee1d3e86a07e999acb87bd7d3430
SHA512ef9fd3d83ab85b18cf0e0d17e2c7d71936f783e3ae38005e5c78742560332f88be7c4c936d4dc4179e93fde0240d2882d71ef7038289c8cbddbfc4790c0603c2
-
Filesize
912B
MD5f2fe4ee6696553ca0fce54d38e543d91
SHA1845f8c6cc95a2226fb4434d942f69fa9dafe1ab6
SHA256dd07bc7bcb47b618bdfa49b40032ac8c50401d0484500e3da53c02668f5dce1a
SHA512f65c4215255e17c458275dea40078bb88af1ced7fe3d1be31ca3c32ae88ff4f14ff7be62b2bdc9aa69145c1fbb772c13f7ac2ef637b11cd9240804c24ed56d0b
-
Filesize
3KB
MD5032e197a53a2432936e0398d0f7683bb
SHA1403b83ce8d4a9bfc41e779a0217acae1cc57f816
SHA256b4bb9d32e4867b8ebd681021fd38fde8d3c802fc96472e420f16fc0aca72c7e7
SHA512b7d721827292df054238a86708c2538e501ade8b4c6b6f00486177ad1db6b68b197b125d0dad4bec2508981d98143ce046d1de7a9d1d252106730a5229fc678f
-
Filesize
5KB
MD58308e9a777c8cc68417165719416f53d
SHA1b1dd86fab9e3d52f94791346625dbe0cca1fb732
SHA25618a7fc4fc871d1013a286650cbca77d67cc92cc22333350a2131655cf45f9bfc
SHA512386cc3222f1ce5faf70d6740989baee9e1a41ccea5848818fae3433b202e5032ad17be9091ce994bc4f2f6c6f2ebd5fb996939521c2cdf018812914c3ac45153
-
Filesize
7KB
MD5188e66c3887d83d55a0e50108a6bf7a0
SHA1e355f6de7421cba19eb6de9b54870f1d2484f413
SHA256fe2bd5105e4774d6ca57940d14d2b85acdb0bebe29a84feff64a0b2eee94c11b
SHA51208eb6b751327de18b322e0fbeb6a36c055bcb02320f306cff52441c80076b0d7a598173c6f309668d57a74b4dddcbdb5393b02d3c30aa8a2645bb5fcdedb07f7
-
Filesize
10KB
MD5b5a298e45b1bbbad60338e903a945038
SHA16529f21125862a074a429e2dee9a42b50abe28e2
SHA256f7559970e602ab435991062fe7665ed7d5ce6d1c181352a4e20caad4a7e7dc07
SHA51270a28108775030d19bdc04e2746ea737213fbbd09c42400e276add4ed912d7ae5c8cdda4dc53d5a6aec474be1c9a73ed09fc67fd173c2e651f0599ca733d3f93
-
Filesize
7KB
MD50168419ca2af5f56a47eb5d12506cab7
SHA1f04fe0d9776ef62b5dca176811f296c57d918083
SHA256e628923fcfd42585f3aaf5158df2447638777144c7ac49325875b76f720b668b
SHA5120cfa22a6331c1e5897121baaccaaf798333839ce9959bfe6791f104e978f91963091f922e1dbcce0a644df9760f19eb4678582812f7d11d21a601dc9307c68ff
-
Filesize
10KB
MD57e5c3f8063ed974666dd90011b3c8214
SHA1b2d83b3410da097a4fe0ec6575fd3f6139ef8fc2
SHA2567d4f81d26f5bd00e003bbc862c616f7de375262abcad3ac0057b2b314ea601ac
SHA512fff56ccfa8ec5de6d090c2feebd7d5e9944dc0752641cce64a8e2771a21d9c6f8ebed7b11d673b6431a8712a905765e480816167ebbe5f4fc7c85a503f47a470
-
Filesize
1KB
MD54820d48ccdacf3f551186501f1e99202
SHA1b532ebef1c3e29b5fb6c6d58b0258eb2be27f509
SHA256d65f7482927c3dbe0a82c65ee7df1fc06996e274ac06447c39b3f624c1ba610c
SHA5127a18671e5cbd369105c6f61a390e3189e5c8d4b32924c14cc70dcb23722b644ca6afc0877a8ffc0c660cfa586526572307ec839a47e81b758350af7528c7b83c
-
Filesize
1KB
MD579dc7353d32a6f45a28cf7162ec70710
SHA1a5571d2065b1dda98e2c4b683bd1f952bceadcfc
SHA256e3795e70d73d0b8cc033faa1d8bf22789a3c35f53ef26cbe1cd4f00be40dfccb
SHA5127b36ab51fc1dfd7476cde7d6eb9291dc891d8bc0a6c1c6244e1351f9087434554543fd2cc4056e1c75b10f434349f0a2b7ff5f7f6d3dd384d21db60fbbc7d370
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD585e5e40a10e46fea99c99897eea79b01
SHA1a3f6db73cf4cd63c74eae39217b188a0792b5644
SHA256486b04b888655eb70f7fffdf11acc9dbb77a4cd9ad2117cf18fa3246983a624b
SHA512bc30add8c376a68396355ba140affd2a635750d54e3591722dd9fe7f578d0abd17a02b6d2ca7c2799cc73847586452788b9835e97d1efa7d8817fefc9e221ac1
-
Filesize
10KB
MD52b38ebcf2148207d5409435c37baa91f
SHA187fe72e51fb68082049a3233e6184f15ae69a81a
SHA25607bb1c37aa8388d6f7b9e5a4f1a88e453d633d40f3cdb7fc2bb2a9b6b3f200c4
SHA51237b2c8ca0ffd135e99d5248b4159cab2dcc5e41bf46cf7f40e0da2c57c66f7f4ee0ca863df5f545ad9ddee5dabe7fb63d699168236212a03f2551f1c629ebcf6