Overview

overview

7

Static

static

7

cba9bc966c...a0.exe

windows7-x64

7

cba9bc966c...a0.exe

windows10-2004-x64

7

$PLUGINSDI...ne.dll

windows7-x64

1

$PLUGINSDI...ne.dll

windows10-2004-x64

1

$PLUGINSDI...ip.dll

windows7-x64

1

$PLUGINSDI...ip.dll

windows10-2004-x64

1

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...on.dll

windows7-x64

1

$PLUGINSDI...on.dll

windows10-2004-x64

1

$PLUGINSDI...er.exe

windows7-x64

4

$PLUGINSDI...er.exe

windows10-2004-x64

5

$PLUGINSDI...ls.dll

windows7-x64

1

$PLUGINSDI...ls.dll

windows10-2004-x64

1

$PLUGINSDI...en.dll

windows7-x64

1

$PLUGINSDI...en.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...p.html

windows7-x64

1

$PLUGINSDI...p.html

windows10-2004-x64

1

$PLUGINSDI...x.html

windows7-x64

1

$PLUGINSDI...x.html

windows10-2004-x64

1

$PLUGINSDI...app.js

windows7-x64

3

$PLUGINSDI...app.js

windows10-2004-x64

3

$PLUGINSDI...uts.js

windows7-x64

3

$PLUGINSDI...uts.js

windows10-2004-x64

3

$PLUGINSDI...dle.js

windows7-x64

3

$PLUGINSDI...dle.js

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 23:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/app/index.html

  • Size

    20KB

  • MD5

    c7b752acf6d1e10f3aca2c67b1ccf4d3

  • SHA1

    ab793cb43e0c2b5af0fdcbf90d0d29d5d3e164f7

  • SHA256

    69b9f99f6611f953d94984ac35bdaf9e9817f689e1e3614976bebe3465c613fc

  • SHA512

    120addd79b7ade4f35b426c02631c8167d81080fde30a01b989453113f7547784e525d53bede41ede0c9b3caca8513060753ba51f75bf6936d32ee597d642576

  • SSDEEP

    192:8sdqpDNDPkFHmY74+/qmtRCtmK8W9I2gHHMlxh8B39LJ/Hab48JgJnc5w/93mJ8D:+WNaM8UnbjPk89+mppHL

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa560f46f8,0x7ffa560f4708,0x7ffa560f4718
      2⤵
        PID:4064
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,15566835564776915856,3138239922517463303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
        2⤵
          PID:4440
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,15566835564776915856,3138239922517463303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3016
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,15566835564776915856,3138239922517463303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
          2⤵
            PID:4288
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15566835564776915856,3138239922517463303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
            2⤵
              PID:3080
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15566835564776915856,3138239922517463303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:4464
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,15566835564776915856,3138239922517463303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
                2⤵
                  PID:4744
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,15566835564776915856,3138239922517463303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3004
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15566835564776915856,3138239922517463303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
                  2⤵
                    PID:1256
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15566835564776915856,3138239922517463303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
                    2⤵
                      PID:3104
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15566835564776915856,3138239922517463303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
                      2⤵
                        PID:1604
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,15566835564776915856,3138239922517463303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
                        2⤵
                          PID:4688
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,15566835564776915856,3138239922517463303,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4004 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4088
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:3176
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1264

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            bafce9e4c53a0cb85310891b6b21791b

                            SHA1

                            5d70027cc137a7cbb38f5801b15fd97b05e89ee2

                            SHA256

                            71fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00

                            SHA512

                            c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            a499254d6b5d91f97eb7a86e5f8ca573

                            SHA1

                            03dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1

                            SHA256

                            fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499

                            SHA512

                            d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\569b9b13-3a91-4e28-b066-e551c99b65de.tmp
                            Filesize

                            5KB

                            MD5

                            3d733750aaf108a663c5c2aa57a8ad0d

                            SHA1

                            3719253e62d6c4607137401d10713cac7bb6d735

                            SHA256

                            391c940aa70b0ba0a28dc96b052a045dd22ab87065ff66acb09c1c37cd4d98b3

                            SHA512

                            360cfb04e41e2be82d7ccb57c4245e8197f08c0938f35d73e51e39d4401483f0e247dd60f3f58c1c007d8c2ae8342a5a3f2c85a39d5c3815821ecbff1bed63a9

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            309B

                            MD5

                            d00add2de28aa0d0d96c1ee895083c15

                            SHA1

                            a8a872cd1e76497f08557b445e89ce6d2ca4a431

                            SHA256

                            be2e9e3947d9804b5304be31685582b9380ea681dd37ccee635be9d0162710a6

                            SHA512

                            0a54bb34e54497b555e792ccf977dfd6df227886053fe20e8e2531b0c49e3343c8c7b9c47a5c04adbab680970387d3dfc2795bc93e3e5694b23a998af54a5e78

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            fded6ff25e545b627c34224d3163eb4b

                            SHA1

                            e668ce69d2700bfc24b631ed2ddbdf07bc2a28f4

                            SHA256

                            ba0e25376c4212cdb22d4f6782eda2461f5170e8434a50d3685749c367f7e6b4

                            SHA512

                            b1c3bbe646600bba455cb72d7c4aea0f85d70f4136b0b5eaaffad167840cb2e8f135cfad2d621cc814f88a3053cc06431ab31a41e2c5220eb80f4a3aae160b00

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            9d2834a1acb7f3a89b4f06274906c21c

                            SHA1

                            8dbfe2cca11e8a82b897be6fe1b07747a9d3b964

                            SHA256

                            764092e64c1f5aa0fd94884e7a73a8352774b8586bb88299931925f50d096705

                            SHA512

                            0b01380847e69bd06a712f21145c5eaf01ad696c486158ecea634a4f30a4c0a89906377096b60ca25cf7f1115d43b0fdf21b52d1594456e7349879bb93546ad8

                            Download Submit