Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://discord.com/...

windows10-2004-x64

6

Resubmissions

13-08-2024 15:37

240813-s2ggsawgmn 6

13-08-2024 14:19

240813-rmt9naybjf 10

28-07-2024 21:45

240728-1l2f1swfkq 10

28-07-2024 21:44

240728-1lrlta1and 6

28-07-2024 07:40

240728-jhm1sawakm 7

28-07-2024 07:19

240728-h5hh5svcpk 7

27-07-2024 21:18

240727-z5qyyssgjh 6

26-07-2024 20:28

240726-y9a8mawcqf 6

26-07-2024 20:28

240726-y84tjssgnj 6

Analysis

  • max time kernel
    1152s
  • max time network
    1197s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-07-2024 20:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://discord.com/channels/@me

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/channels/@me
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b2b146f8,0x7ff9b2b14708,0x7ff9b2b14718
      2⤵
        PID:3268
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
        2⤵
          PID:1860
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2588
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
          2⤵
            PID:2248
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
            2⤵
              PID:3620
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
              2⤵
                PID:2372
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
                2⤵
                  PID:3220
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3584 /prefetch:8
                  2⤵
                    PID:1548
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3596 /prefetch:8
                    2⤵
                    • Modifies registry class
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3188
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
                    2⤵
                      PID:3040
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2516
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
                      2⤵
                        PID:3304
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
                        2⤵
                          PID:112
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
                          2⤵
                            PID:1388
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
                            2⤵
                              PID:320
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,13587065179853528108,10410529996543652335,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4680 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1852
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2136
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2944

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                210676dde5c0bd984dc057e2333e1075

                                SHA1

                                2d2f8c14ee48a2580f852db7ac605f81b5b1399a

                                SHA256

                                2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

                                SHA512

                                aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                f4e6521c03f1bc16d91d99c059cc5424

                                SHA1

                                043665051c486192a6eefe6d0632cf34ae8e89ad

                                SHA256

                                7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

                                SHA512

                                0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                456B

                                MD5

                                734c80c0d76595aa0dd5ae63318121e1

                                SHA1

                                315e070eabf66d477ce75a2ce3b196e9b8106f06

                                SHA256

                                3459d92791b37d91f6cd22770f58d984960e6039bb9e86c3648785f4cfc8274f

                                SHA512

                                82c3f0d801a8f0f4f3eb0d7474f468860835ca98a2285ac6a250cc6195f739dc6d13df32b8e3ea78574d7bdcb092d9dc1f519068b7dc3a16e07ed86e5348aca7

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                179B

                                MD5

                                c88a3bc77002a075b95198522f195432

                                SHA1

                                dd6ff073c9b7fa86d1a461013165a7251443e777

                                SHA256

                                8f8c6061b94669fcf151b9f8f1c979a33ad38d597be893f375bff44ad1b3556d

                                SHA512

                                e3facaf13afeab1a90a5c15f31288611e7af177fed3e4474aefee3560c5e1129579ea74857f5a3845b8f04c117e6c5af45c87df5d0b003e1259d918b7b0dff1f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                111B

                                MD5

                                285252a2f6327d41eab203dc2f402c67

                                SHA1

                                acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                SHA256

                                5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                SHA512

                                11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                9674a88e8f63a7ad41cf423fc9d6ff31

                                SHA1

                                7255e41e7a05931e60db3e287d47f3feb89c38c2

                                SHA256

                                742c682dde5be4b42ea53c3d564954a1b0f8edbbaab06a645cfbeafb39f987e9

                                SHA512

                                a7ec736e77ca35ae49f3dd4369776f898da4a39e8bd5b0795b9b420bca50c7c2ae096992e9e4c435325052c64f9d4661a8cf021214480fc55055a6369ef6ccb3

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                e470d1ad065d3b7bfe82400b64723a57

                                SHA1

                                6ba9c7dec1603c3cacf7bb0cb04d213b61bc4cc3

                                SHA256

                                29a3f2d5a9428d4e6052d270a5e9f3701a6d2a2f66cb99b3aa431ab7ea0c61fa

                                SHA512

                                5901fe74a5e15caea2c75cc4c8f5b7997630c282b7f238b6076a4f6ecca395ad1d4203c03a3b3ff6a92783f8c8620b1f4fc3c83a1a0049db8374231341f8b1ea

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                370B

                                MD5

                                5160c32b923c6779435dad39924e8cfd

                                SHA1

                                6a4a7dd85c1d0a8ff1a9cd88aa26178bcf68ee58

                                SHA256

                                2ed7328768cb8790376c445e8e89fd463162f507032f9b32275a6f412498b75c

                                SHA512

                                ddb5c1012f0366411bd1cc63db41b24fde9e96b32b3a19aa19199c20fb94db9000b87d92e0ac10d3b145a9b2c4fe9eb1766986ec959640537f4ed284bce91f73

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                370B

                                MD5

                                389d11a2a440f04a32f834a8156e10a5

                                SHA1

                                b7724f60719e89df2d3f089c5a0d84b986942dc5

                                SHA256

                                9f50d331ffc21089acda21662cf7a4a9e35728c8321c95247d62df6b4c010c05

                                SHA512

                                75994298a73188f6cfaa24fd729444887f2b6544abecd701634360b4f997a23350a33d3d828212feb9e4d54384ef6f8fecd8ee99be4535db29aa7188b20c8ce0

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                370B

                                MD5

                                ec6356c321ec16175d6518e9185aa226

                                SHA1

                                db7f3cfe3de4077a2d1af85644eb82354c494a87

                                SHA256

                                86cc206c6cca53c7f70101820a4798d510abcf8aad1d7ff02fc39f38e919b1b2

                                SHA512

                                777f9256e54aebe767e19508c2fea44cf341e8091e24893928b15ae6f1b135750c6590e90404f83b86ab3349ed63ea91d4f9abeb4584266bbfc1bb1fd82bf5ea

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                370B

                                MD5

                                178449237e0229cb533d15b4d2e449e1

                                SHA1

                                bdca0da22b75b4c1565b10df32a088e5501a8c05

                                SHA256

                                5afd81b8f96c7d95aa9d2fb82bc4b4bda8c5eefa9dc84aa2031d4424ea9e7ed9

                                SHA512

                                ebe8c20c7afe271753d5020bcef11ee34a5c35e7abe522f18f13317b1980dacf0cd842ea4d9c8ca83ee067e35551d7a85cc74c87fb7b08eb7bb4cb68380a111f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c0121.TMP
                                Filesize

                                370B

                                MD5

                                778bbe94d193cee426b5ffb341d9f8da

                                SHA1

                                eb16c9e2596ecdd1406a50cadea117e19c3eb857

                                SHA256

                                a9c24702b50d828048236da2534431a39a6334bd63e1dc362f365eb88040b699

                                SHA512

                                8a18ad60d7dcefeb836c68383b1ade01229ebb5d6d41dfc12a1ecb9d19be5f0a2e8373e46c52d512cac6570541730fcf26a6c949b1054cbaf71f462cbc634c82

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                10KB

                                MD5

                                d621eb02520929cd00375fa87e006c43

                                SHA1

                                a251ad368233410e8361b54342de0b67dfd08088

                                SHA256

                                5b1445d4b2ec330fef1986551a33983d9640dcb4be577fd937bcfc54b572ba7d

                                SHA512

                                f9d60d0ea70b347a172703e3e9f1bf3e08fed3c577efccb3158f8e17a63be231092fc6c39fed7c239c3ec433f333e8043081ccd49a55edb43e615dd202a7baaa

                                Download Submit

                              • \??\pipe\LOCAL\crashpad_2236_NOTCXKZKGDSCUJXX
                                MD5

                                d41d8cd98f00b204e9800998ecf8427e

                                SHA1

                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                SHA256

                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                SHA512

                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                Download Submit