Analysis
-
max time kernel
152s -
max time network
315s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
29-07-2024 20:21
General
-
Target
https://drive.google.com/file/d/1D8OJJsMf-yxG5IUu6O4zl9cp3zNh3c6e/view?pli=1
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1D8OJJsMf-yxG5IUu6O4zl9cp3zNh3c6e/view?pli=11⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9eb0b46f8,0x7ff9eb0b4708,0x7ff9eb0b47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5044 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,7193651396938768432,10987676190289907761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5bafce9e4c53a0cb85310891b6b21791b
SHA15d70027cc137a7cbb38f5801b15fd97b05e89ee2
SHA25671fb546b5d2210a56e90b448ee10120cd92c518c8f79fb960f01b918f89f2b00
SHA512c0e4d3eccc0135ac92051539a18f64b8b8628cfe74e5b019d4f8e1dcbb51a9b49c486a1523885fe6be53da7118c013852e753c26a5490538c1e721fd0188836c
-
Filesize
152B
MD5a499254d6b5d91f97eb7a86e5f8ca573
SHA103dbfebfec8c94a9c06f9b0cd81ebe0a2b8be3d1
SHA256fb87b758c2b98989df851380293ff6786cb9a5cf2b3a384cec70d9f3eb064499
SHA512d7adcc76d0470bcd68d7644de3c8d2b6d61df8485979a4752ceea3df4d85bd1c290f72b3d8d5c8d639d5a10afa48d80e457f76b44dd8107ac97eb80fd98c7b0c
-
Filesize
408B
MD5ce2c7127f1a148f5afb89716befa6647
SHA17121f184057daf0fea9f8e6ae9a2c14acd25df2a
SHA2564b1f163cad398e5e16dbe5c63f3646e58e2b620d42628992657f5c2db7f7abf2
SHA512febbdf10666d36d476d022ae5e38770b53b9e5a6866a09c28876974d6c60e37ef67c1a3d1c3e1d836d3f6b59d3393c6c458a38c6233564704f5e91dc7bffd72e
-
Filesize
3KB
MD566d6e045577bc4784535120547e26d77
SHA14bcef536a42d5f443dabe90ded1e971a7feed364
SHA2561d175c962636bf43313875fe607194c97ebebf514463b748955f72c8c9a4d095
SHA512c34b2c7f944adff2eab91abf930536c6c8d5c57ce2f9b93ea3f618e0196112ceb189817802ef60dfcc93e29bc3dcdb01d37b8f42c5a502fece95fd270f3e463c
-
Filesize
6KB
MD5cfbf68a3576f0127f157e32d2a76ba64
SHA19a74e804d5293b5d477e8022b7a5a40af9102b6a
SHA25630d8067dd3fbe532556682ef111239fa7a576109da218e6db39ac4032f6d01ee
SHA512d43fd16332bef579c9d3559a9d69ea4a68e117894560c826ff2c5b3ff422ec142bf1fd4659c81b1136005e43c1113d552be249b1480385415d0519abd64a42ed
-
Filesize
5KB
MD5691f1a4181722748714181f547470f07
SHA137d74098e3aadb20b1e3242fbfe070ff08b98583
SHA256927b8bc9f4c6138292e9abf3ee615e39c7e9a4aec5312fcd03c59c977efc3716
SHA512067f2d68842dbe1d121f5fda8f5382b8b03bab6b2d6abc0f477a2c28ea40ae2fe9a90bfc1f425c3d55676088b56cf3d0469245b15299dd13c6a131ef28e0c7a8
-
Filesize
6KB
MD5df9e7d0ecc5ffb29eecabd341391e335
SHA1e3203633c44340120de864b8de94fe35a0f433bc
SHA25616cd753db94e572045d833fa8ebe55ece20212344433377aef4ef851d81b9458
SHA5120f53345a654aaa4caff35287753918ff28e003a96fecb03477f2666c24eeea72880ec620ead74eeba7ca1bb7c2b4d2b16b7c2b7c573070a9759488c8a82c2e7f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5f8c785fef84e9d58920aec77ebdba294
SHA122558f07000aa92d572acb53ef5c047ce31d1eb1
SHA2560dab71aff182aef5c4b733a00f4daf0ec49513e081babddae1b4562fcb905a04
SHA5121ad8b1366530cc868685035720656b4869161abd3d44b5a2869d2b3586fd0573293f31ba3bc582271aaf984eb93cd59737bf4f52e1f734adbf025c6ce0a28ce3
-
Filesize
10KB
MD5c8f6abad80c4221dd99fd9bd48dd8535
SHA1f742ac9a386f8aed427a8ddb593fb7c16d7f7060
SHA25619d0627976f53f07a2e3f91739fd0d1ab06f84528f03b0f6582da9b1062cb864
SHA5120983a980a2b6191764fa64c42281872c3237b8942de41db9136f7de704d6fcf96a5c336ddcd036665e7afaa7e2b3e83f588ed75ceb1f1b3c6433586a2d66a7df
-
Filesize
11KB
MD57788e5cbce04d7a0813be3bcb78e0630
SHA19c7ba3100518e69d49a278ae35eb9093c4bb7023
SHA256f8b145a08ebda3e3ffd2f98491bd70bf178e17b5a8ab841a3b5d9ad96a89f53d
SHA5127578ecabdb528f410678b5002c9aa50d13559ecab0ea238cadcdc622050f20baed81b70cf11c250ebe74f5bd394b0fc879aa827252292260ca845668b916ac07
-
Filesize
419KB
MD511e40cd744c1b342988a44c3632b360d
SHA16377ebcf8b46eb0bef07321c4ebebb29f1b13565
SHA256f00c12f1feff9ffc6822df557ddfdcef9202e9262169cd3073a64560159efcc6
SHA51259ad5d806273828c7e5aca95d3fe9181128c8f92e7da561f663718002a4067e5ce061b18a3993ef7931fcb0289d1361c9000cb4175d600f138de4d6ebda05392