Analysis
-
max time kernel
75s -
max time network
71s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
19-07-2024 02:53
General
-
Target
https://www.dropbox.com/scl/fi/2swfq4300e0upqywylev2/Siena.zip?rlkey=mnntklr6tuy7vmf408plqep3x&st=rilxxlhb&dl=0
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 7 IoCs
-
Suspicious behavior: EnumeratesProcesses 7 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/scl/fi/2swfq4300e0upqywylev2/Siena.zip?rlkey=mnntklr6tuy7vmf408plqep3x&st=rilxxlhb&dl=01⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ff9531446f8,0x7ff953144708,0x7ff9531447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3356 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5684 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,9894476350696424024,782138025834135419,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5584971c8ba88c824fd51a05dddb45a98
SHA1b7c9489b4427652a9cdd754d1c1b6ac4034be421
SHA256e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307
SHA5125dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726
-
Filesize
152B
MD5b28ef7d9f6d74f055cc49876767c886c
SHA1d6b3267f36c340979f8fc3e012fdd02c468740bf
SHA256fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37
SHA512491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75
-
Filesize
538B
MD58672e5c3f0c3174330b5b808f8a77d7a
SHA1d2109130ca2c4edcdca0c830a46fdbb33c2eaf59
SHA256206fb8bc3a026b7ef80395263a6824ab39e5df97874cd7abbb516a80ccbb6fcc
SHA512a06a15e7acf651e2b4102b89cf03d89c0f091255f74612229f5b4c20e24c2974ba89b82730b9bf51da833eee79627a63477a448b8a330a0d30b1d36e452557ac
-
Filesize
28KB
MD58b6a23605542aa5ed08ecf170cc061f2
SHA1be7a5b58e9aee7eb2d36927b4dc2f0610c3c2cd0
SHA256138d0a55989a81aede9a115cbbf485a3d91140cb1cb98480358d17c644d2c8d6
SHA51227d0a5687b2e3c49337d6bf7a46aa46e48d72a4c3e6f5ef810771217bda4a2feb60b002344e26cad2f1700eaddd92f41439a04858822617ecf77b176fc27fd13
-
Filesize
4KB
MD5586ce9703119674ee192ab47365c9e39
SHA18b2a1f7f62ec1c47f67242eeed022ed89a342602
SHA25603c19a9eba5742d8aea23cfe920b7b9d0b90a3f08ac27c0dd6b9e19e8842968a
SHA512a075613efe4711ac64fc5c237203296b803274b2df6c9abd6aec73370306307a2a541be34c226fe35d6d058f6b2af0fcf899c48e235341a4ec3b3ef49f5ef2f2
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
1KB
MD58934864d5dc3fcea27893891b4a297cb
SHA19c9536c19475ca7e705ac3b6dd1dd3407960a507
SHA256034b8d284bd2591eef01a2a3adb563140acbb01835312f536b55c59d21bbd790
SHA512c38d7b023665128d0e5f838cc0af0d72f844076860d1adb7375c01666ec1ba2fffbddc1669e410c60ae38452ab81d8b8dd115b20f55798807d5c1b6c6bb9bf9b
-
Filesize
6KB
MD5f19f0f8bfbbc70547c5d2035e78e9850
SHA176b13cd0ec5abd5be89732f7fc56bc2710c09b35
SHA256d9e7ef1ffa105f5c585d9536a48471512c1c9e6a8f98cec85f31da49d21befa1
SHA5121788d5e9b711ff701f038e955d64c5b77de135468dcad586742f1152d4ba2576043634dc6cc8eb3d0389a7ad0b59b589932474b8eea0f31658398a107c24e54f
-
Filesize
5KB
MD5aeb5165e5aec3c703c20a8e8e08e9cd9
SHA153c56a6bd3e8cc56d53d4986db45b13581adfc2e
SHA2567c68c5c8db56e6686a9dda5242de5862813573f95e4591b99c9457dd3844db76
SHA512a0ddb340f0cca042b1cf50f4aba645b58cd7125d9ed1631e5d9f0ba3c869ce57564505b9d2841e173cdb090780355e58a2eee63a46c7e4109fc731eb4c0f0647
-
Filesize
6KB
MD5fc255b9b4077d116153ed4543b6cfcf0
SHA1e03d68262b58d1092a00fd0bb240724257cc9add
SHA256ff60c8d6cdb1c79019f4a2fe3bbdc44701b1bf85ddfe553185acea8b66ab2579
SHA51254a5a303c4b42a9906f75e0186f20b701c1324929472c17055d739e43f2754f1ac3160396de47addf6442d61e2fd4d4736a1dbf8a609dfb897d604caee991fba
-
Filesize
7KB
MD54acffdd9663774214a1dd7af0e8788ae
SHA12682b7d90ca56bf1794809ca2bce38e0c597d37b
SHA256c1a00ef9269e006e58fa0757305cc32d9b1501fa78f3c116316fe2fc80f5ab28
SHA512bfd2fe49b494c080c83c5d69c4e215a7621098a303f36773163cd9ad65e637f947dd1ffb397e8c45b9104508e8fbca317e6f1212566fa35a4dab770dfc07a1a2
-
Filesize
705B
MD5f85e666495da250906960acd26ad280d
SHA1ea9c3e60f37f46d19090c539dfa89d3e293300c4
SHA2565fb23bf134dab5075aa48d928a621ebd2dc1dc89da1decdf1c9d122d1409ef1d
SHA51246159136398e21c9cad5dd17da7965ebe7fe9c4de1950950f655bde155a2345c5b0059bf0f75971c47d3a04cacd4f6f30eb657b984b6b9efc02843f0e9b6c0a9
-
Filesize
705B
MD501dc53f712a14318cec709b60399c7f2
SHA1d6fe1564ca052f1046490bce5994f269dc67498f
SHA25665c31dc8666eb1d431873241b533f9f147889752f96d631418bd1d2998f45d43
SHA5126bc744e9fab10404c9930345cfbfb3da164cdb9c8275e664c05c5e2fe610598e5d7af2ecf86952cc70a61544a781e2f7f43af884903767e4a5ce9b3ddbdb6017
-
Filesize
705B
MD5d0b6a3ed0309548ebca84bc2f3fd2155
SHA1001ad9557ee5efffae91a46f58deb692c10dab4a
SHA2569dc6efe989d0d842c46696d8ebef86c9b3d0e61f0b793921d8012a4ee5d6ba52
SHA512f674ea9f5c8de330c9b2513f7075d12790d8daba59f4e70f89641fb64463f8a4366537da2e5ae470a8aef3945df864cd11f1942c4938e95196deecbe68dae8ed
-
Filesize
538B
MD58dd8f15de557b22bdd2f3ea9a47e24d0
SHA1352aab841296ebac8bb6e5e33d7dab4e32698933
SHA256d46129702dbd67cce1838c484e20eee2ff396bbf911c6287d5e7dcbdd9ebe4dc
SHA51260c8197be8613a0af861bb1c80ecbf85a43830bb3348eb4d9bd9141fd44b74ebe6ce3c253c4580f8801934c5887237482fc6eb6ce713046cc7593bbccb3ce17e
-
Filesize
538B
MD5e130073cfc237d8648591018cad090b3
SHA1dcf87c458484732639dda5e7e9393b9948d1aeff
SHA2560daf84f0c4ea91c22534379e63a5f0406e95873eb8315bbb0be44b2f6d70d034
SHA512f4d9cd02f5e6cec1a08e262db73819207aa4d0fe46f77e3a23c19fdf92e5f28f57166fa443804e30ab94b8e68eb794569819a0f9fa361dda8741f069ba61517f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD545bbad31931c1f4bc8cf576352b4195d
SHA1d1a124454ca61b49317e29490d1b298986234759
SHA256e10729b2dc77f894fc4e707cd463e62710bc19973266cb326c01019e81f9252c
SHA5120036b068122b40887f28ed16be2e56da6bfebe425a5821d65eab5746b73e68ac818228f1191dc071a91f3f28b9dcea5058999dcbf968985ae450d70c6fa681d4