Analysis

  • max time kernel
    240s
  • max time network
    300s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    15-07-2024 16:21

General

  • Target

    https://ify.ac/1IZk

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (12 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  • Suspicious use of FindShellTrayWindow (25 IoCs)
  • Suspicious use of SendNotifyMessage (12 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ify.ac/1IZk
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5296
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcf6d23cb8,0x7ffcf6d23cc8,0x7ffcf6d23cd8
      2⤵
      PID:888
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,18179011267495310151,12875952268211334663,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
      2⤵
      PID:3884
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,18179011267495310151,12875952268211334663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1872
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,18179011267495310151,12875952268211334663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
      2⤵
      PID:1864
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18179011267495310151,12875952268211334663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      2⤵
      PID:244
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18179011267495310151,12875952268211334663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
      2⤵
      PID:132
    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,18179011267495310151,12875952268211334663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1416
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,18179011267495310151,12875952268211334663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1600
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18179011267495310151,12875952268211334663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
      2⤵
      PID:1636
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18179011267495310151,12875952268211334663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
      2⤵
      PID:1044
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18179011267495310151,12875952268211334663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      2⤵
      PID:3512
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,18179011267495310151,12875952268211334663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
      2⤵
      PID:5128
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,18179011267495310151,12875952268211334663,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3060 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4124
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:5864
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:5884

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: b26cef15e9a3cc82fb429a163f96ac6b
    SHA1: 718ac4822198b1a21f43b6941d0d8df107fd0015
    SHA256: 73af2c2ebc9187187d887e4abc8b04561c55f36f7f9cdf20293d522ce5c2f506
    SHA512: 87f96314ea9a1f394d24de5657e61cc6809c961fd05280b4875a06bb928f4e19dadf725fcd0417f16c93cdceca349dd27dd95d0f8f0f756020322803b2f91cdc

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 5efcc43219d778bd14d32016100f2708
    SHA1: b06f6726698a68781854bc342a54e06bc4562217
    SHA256: a7534c7d125854f7fe662a7951443cad1d1ff0d8d3eb537dde5a381cd3415666
    SHA512: 6bbdf16b41bbc3ac5d4e2b93683a712d56eb58719799f69cb7240a77f799928b48af2771f76d9d7829846db12d0116e3a8ea6c5d0f02d5e840db1b3c018480b4

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 216B
    MD5: 9640a4bd5dec6731bc02809cec11f0cd
    SHA1: fb5f857cb16e5ea851c7d902ce55d8faf80b3ca3
    SHA256: 8987f61fce8c0accf592533386b9d10e7f9511e7b4938d6132c839f3bc33fa30
    SHA512: 0ca9aa1dc6146fb953495fdc2a4459d7210baa76483979fd5f930cc772f52abdf7b5a4ac383206917a32f52c4e6ed35cebc3d165b6f1e2cbb2a86086f6f59bed

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
    Filesize: 16B
    MD5: 46295cac801e5d4857d09837238a6394
    SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
    SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
    SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 999B
    MD5: 3f15c4b3ca0bf07f626b55a60cc11776
    SHA1: 89d8bdac4acc775434499d45429876c40568fcfc
    SHA256: 7b045049b09d811ee7afca24dec85701c398e9dda37a7353b2816d0882b7f74b
    SHA512: 6c6a1e019ee1252f8542ab0e2ab6e7996b6b52e495fe4c2dc907c00bbbc57e7763610070fe76e97c7b5bfea6aadc303d2aeb6f5e256b77065bf9c867810d68b1

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: cc17a1ed03db9044c7672fc082083af4
    SHA1: 1b1a4e7c0e23441b8bdf0f18a22b8c9350a95503
    SHA256: 4586a450fb16e956d4872eaa00e0aaf83e9be29196d7cf703fe8fbb8bf1244bd
    SHA512: 98ac06e689c45e4706da159f60b1fcb914d794a52bc3a524d68a93596df0163bae7d435d2fc96a0b54bef3a7298979871d40d4db3745c38003b6e7f40c2c58bb

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 57e19f1bf5eb1696f3e79a57485c0d92
    SHA1: 702e332155ba090f39ced18a0095f8becf32a65d
    SHA256: 268d42dbc54de598975fe6138ec7a498014b3d44cceac9f72aad48dd57a3fce4
    SHA512: fb14168d39aef9ed4a0decb1ea857219dee4638506be85c8f5a89d718368036102f40168a79b2be455c5eef553569fee995a0d640853904544f7e5a0ecffb869

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
    Filesize: 41B
    MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
    SHA1: d5b5bbf396dc291274584ef71f444f420b6056f1
    SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
    SHA512: de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
    Filesize: 72B
    MD5: fd486d5be5cdeed3efaeccb408c70c6b
    SHA1: a068673580257de6983b37ab7df6a25fda226c5d
    SHA256: dd52e2b27bc2b84330012b7091732d9149e416adb8cc35432a0bb3ab7651b94d
    SHA512: 0ff180a59189592c0e233fb4e0612ecd5f2545fbd8219d7d8f04c600360749f454e224a71e6c856e2100ed272e53f162c54b16395ed910b04479132240d3fdd8

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ed3e.TMP
    Filesize: 48B
    MD5: 1c099f5443817b93fbef04e77470ed37
    SHA1: 62dff348b42317ed38a80efe2467659ade2483c1
    SHA256: ae14cbf52956b279e8323f75a3a58f62bff0ab09bf7b0964e4342b3ce54e0d77
    SHA512: d7d37b7f66c1e6fcc61175c9077c197f8e1df1ee4b4804afde9c012a5ae57af1e5d68c8925562217c0052ca49445eea6b2ef6525390e206067d4152732c41721

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
    Filesize: 540B
    MD5: 5c80dfc64bf48fede5c62974f2920617
    SHA1: c507e97e6d47881919003912a911bef1f3bcf21c
    SHA256: 6fec46c0ac2c718e3ac99ec1ab46f4ca029b0bb7a85370d104d64f7c3cfb994b
    SHA512: 0917a0d40a3a9e1ae32f21c0af46a721473fe85c98a5df673168561a44ec0aa66ca560560407f24fc89af1766485807da0d23a207295858256f87e8bbb103b5e

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5826cd.TMP
    Filesize: 540B
    MD5: 69568c71026153750d2d6a0a54e0b87e
    SHA1: 834d3bed3624c78e5adcdc57a22cbda8b8ba5b82
    SHA256: c2dbaf72d901282a27a6c092a29284e9a34767cbb37668f533c2f7834bc9e263
    SHA512: 35e4d61cbef4539963a6b3716c1502078a9313d330ec275e27590e587aeb28fb5871e1c1f7d7a77e264349f34812ea4a31eb9776d5a6ac5c16d7ae5d064a2113

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 206702161f94c5cd39fadd03f4014d98
    SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
    SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
    SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 11KB
    MD5: 5b217912608aea3974da029e754f04af
    SHA1: a2181465a07de659704ea42d75fcec6cc35a62ff
    SHA256: 43213a8460edbd291bbc678258a0611aaee5da37486025e41d4596bbb1c8cf25
    SHA512: 29d55957e44da2016fb22df1ccac68f1ff1ef76570161c2b4bf1c0393ed0e7f2ea57e6a18aa4db91eb4f482410cab600206f3cb3812df0fa4d46d5cf569f287b

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 11KB
    MD5: c8ec29ef9576c7909960261c8120c08b
    SHA1: 3163cbd457d7096057ad15de314b80621a147186
    SHA256: 286847731cc4396a614a398ac9e53378fe5bbc8be7ab2c94a2d0368bcbb00020
    SHA512: 59ec0516614ad99af3d60c821f48827fdc7f2f1a7dc53bca4f102d8c3bbbb30f46e326f38c98c11ad1287ccca5fe49ecd00b422fc4f89d23c89d8af581b90b25

  • \??\pipe\LOCAL\crashpad_5296_FOFOMWQNIPHADDJW
    MD5: d41d8cd98f00b204e9800998ecf8427e
    SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e