Analysis
-
max time kernel
112s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240730-en -
resource tags
-
submitted
01-08-2024 21:28
General
-
Target
https://extremevpn.com/blog/free-streaming-sites-movies-tv-shows/#h-1-123chill
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://extremevpn.com/blog/free-streaming-sites-movies-tv-shows/#h-1-123chill1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4d0946f8,0x7ffe4d094708,0x7ffe4d0947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5508 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,5273889832711347009,10424154032100475270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x494 0x4b41⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD58edf5aee848362b3fa4c7102382947c3
SHA10ca71672592fef3c37dbf92a155d747c927b433f
SHA25616594552785f10884854bf38d179c9c3d26d023a089180bfe5a3ceb03c395e6d
SHA512a8863cfcea01c05938edd34690db467f0d429f0598528f23392ca7e7233a9b2fe2eaf7b886ac965e22e8c63ee79af84654e5b2f7e94033e5f54622f7b9584893
-
Filesize
152B
MD578d53c4ecb4f237a195804abc28ebb1e
SHA15b036abe11431d0c164cc5427aa7eaaa2d8d1580
SHA256b1ead24150c5c17d1e8cdfaa64b4395cb1b0872c6f4bb25eb8e024ba0e39c847
SHA51290c1e12b736dc1a644262a44141f4bd7eb5fe935249978d1ff083e39017652ab847107add5b5fbeec6318db181cd22a728938fba7c384c8023ed8e3c03e61496
-
Filesize
66KB
MD58ee44f09b77ed9476d09536c0dd7a48d
SHA14db1f8acff663bc3e886610b6942f5b9f101f833
SHA256acd79bd8ca501cfc9cddac609056a57a153c3cb170166a361e884176cebdd0f4
SHA5127ea9137343a7553f26db6928e476f2cf22937d522da896b34d8a2f9434715b923daaf11681599f26720f18843bfcf1be4d87041a027b280ce24116dcc626c1e2
-
Filesize
960B
MD5de8611aa54b05907fee051fedb1eda07
SHA1b73b733f101fa51336ccabcea99bc63e0de6c484
SHA2569087caf8eaaef8f28377ffd4108481749cc94b4edf1743b19299314f235fb18e
SHA512b5c62dec24d6afb89e391926d8aa7a5d2e121f6f337b6f0c47e36bbdb4b7b3d64c96a676d649b2fb9e8425345ca5dbca571bda2e2177b18f805eed3c347ffcb4
-
Filesize
1KB
MD5723c2b59b6abb762a18b324ec07e91c6
SHA1cb2e48c409f3198a09f27dda905b0a039f65446f
SHA256818458a0017efcc1affb84e93bed2b415a100627f21ae79450c2da0fc38e51ac
SHA512166dbb5d68e425d43b6d78871d202b5c1e52c086eef5278ad01a7c855ad9963f22daf9685e59aa131a5f5939814dbe5dd68c4b19af7dc9491eea317898723c4d
-
Filesize
2KB
MD5662908c3467106d6371d7053d7dd77a5
SHA1354cc0656edc2ab81b76012b961386083c0066f7
SHA256972d6cc2f7d8910d2f9acc8bbd79ea287ed3134f77aa7abe97b9e6f0853317ca
SHA5129b339bf3d48e126d18298e9f6258eddc770ee5d2218fec1ccecde15529ee3dc914c1a65456e7f8a5c088b5e9e3dfbb47752896422679215000143b0efd86fead
-
Filesize
6KB
MD5ba0484f1a1202ebb52f02327985e966c
SHA1637b8db1c9ad0b4a9dcf4ea8953121b3b62d854a
SHA2561233fceed9a803c9fba1b709987ce3d120f4132e90d08aed09ed1b47abdd210b
SHA512164eedbece809e0d30d8c8378845481492175566604da83d1286f83669ff621995da476a92c6171a08a077fa393674210c46411afa8daf70de56400be0b6956c
-
Filesize
7KB
MD58abe3ad2f6e8ec541142ab98d1c6fbda
SHA147a76737fe66cc37caab436eab4165350afbfe67
SHA25641f4e6f77558a718ff132e62bcfb54fe7725483a73aa4fb2190c7bbdadee5349
SHA512a4b7befe1996551ba69e7338b4d73203afa22edf3d3ee605ee04efeac8718b9004c8c20da94dda79bc2b4431a7cff65d4fc2546aeb4860e7e57d5e3fc70cdcc0
-
Filesize
7KB
MD5b0a6325607a1f73d71f1fa6e97a59ad0
SHA114cbc76315f4bb1569a8be9f05d72495c30499b0
SHA2564dbc4b4039ffa2e475c4fd803f78ae4eae712395266e4defbad1279b1246f8e1
SHA51270ca0787dd1f2376960e9f7abb1fdc0df4590947f75b930b8ec73aff7e94aadb7e10d7e82a55c0be7b8ce8c1ad7dcff149eea5da1938e5e404e3c9f7b3ce3f4c
-
Filesize
8KB
MD5c9caa86509da177ba21e099e54a36b38
SHA1bc7117bcfe7fa2fd39fe2efac48377acb92e57ae
SHA25694ab283ac38690db121f0a00a7f63820d2f1edde80ba053d9d74b569ae3f94b6
SHA5122d1f858b034b16fd701ed18f9bbde8cf0c50f7ecf3a19ec356d1be2c6fd2b0b8b9f9f2b55b7b39a23f7947363efb33307628b276359d3f0c41da6fc81e0eda02
-
Filesize
8KB
MD58c5879447074bc6fef0bfee5577e75f1
SHA190c03c19ddc8009c6586c2efaa377b350435972c
SHA256d1d9f526e87d1edad9c53539ced1d749a8b84d05c1474af4aa05d39b76db43e1
SHA5125950c17444175d1e6f18f1ea23e4db3a8c6bba46222ef12010421d61c88c93db00dc6839700adb9735cc4ac182f8f063b01483100f1a2dbdfea0533a78f658a2
-
Filesize
1KB
MD59323cdb834027f7cb7de82b77364c7c2
SHA12807bf31eb4c07608138394eb496a4ade1e23c7d
SHA25698cb90b7b1dc3e004b78004131c59f124781a9d35a2583e07bee315b50438d2e
SHA512eb1462d85c06c2aaf5aff87829780cdd399d0e23e32e34a7b8fa2f37ee8d939eb7c4fa7d638e96ca9ca759ace159d1ae4fa990d83169feb367b278b6a07f6334
-
Filesize
2KB
MD58cafed31128c0279d7ef54ba95810078
SHA1b4638cdb9598b4d32ca2f57fd171bf5cf693fcb8
SHA256dc1128cb287cd7e73d5fbf999e48b3f46e7d0c5b2d5eef156df9634486831abd
SHA512e9c25fb659a50908c6a9a5efb1a21d9872b0b3dbda286359cefccbcda3cc4b71275767849394f28de9952c856da854385a3c5987df9d22587fdd704d9be9a81b
-
Filesize
2KB
MD5abef04704e4afce0bf070330cef7864b
SHA17c701dbd724b3d76bb00b88dcf246c7b39798ab2
SHA256c360570e66225e3a4100b72b94c62ec75f4cc0da69f4415bc3c0117fa50de448
SHA512ea4a8856be1d2b3afcadb372f22f571f4c2fb62c3d8cc0841061363de9c5ea3afb131f3f553586662fb192ab52aa49871d6beaea26219dd8ff482178c5654251
-
Filesize
1KB
MD596da1da3b8de7a54442c6e2b9b8e6998
SHA1ee81fe814ee33f30a72f1c84cd3f2cd7035a58c5
SHA25600df455dada6d726d4ad103dab03faf87020bf02044bb300ee59349a4b25e2da
SHA512deda8b8321e1050803415860fd7dffdb3f13397bfc3ba6ca39bb676f885f229f18260c29f8af2f70ad5f115dca5296dc805eb76b91e79197fe4db6df4db20fa9
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD500f49bfb65cbf0c7d5eb67d28d7befa4
SHA1d83cc9184cc629bba245d00404f2734400c9d27d
SHA256f9720f0a0bec65db76e64fc7ab046ad9823d0584e3626548e07585948ce8bd96
SHA51265eb3506092c592c17d50d776809be0d6ff441ef1cfb8e74248bc036d1da6ab66868e6d17397fce86480f9b834d38dcd753c45feb5c41758b823a9b1b77eab6e