Overview

overview

3

Static

static

1

docs/install.html

windows7-x64

3

docs/install.html

windows10-2004-x64

3

docs/license.htm

windows7-x64

3

docs/license.htm

windows10-2004-x64

3

docs/新云软件.url

windows7-x64

1

docs/新云软件.url

windows10-2004-x64

1

upload/art...jax.js

windows7-x64

3

upload/art...jax.js

windows10-2004-x64

3

upload/boo...ook.js

windows7-x64

3

upload/boo...ook.js

windows10-2004-x64

3

upload/cert/index.htm

windows7-x64

3

upload/cert/index.htm

windows10-2004-x64

3

upload/com...ent.js

windows7-x64

3

upload/com...ent.js

windows10-2004-x64

3

upload/dow...jax.js

windows7-x64

3

upload/dow...jax.js

windows10-2004-x64

3

upload/fck...mon.js

windows7-x64

3

upload/fck...mon.js

windows10-2004-x64

3

upload/fck...eld.js

windows7-x64

3

upload/fck...eld.js

windows10-2004-x64

3

upload/fck...t.html

windows7-x64

3

upload/fck...t.html

windows10-2004-x64

3

upload/fck...r.html

windows7-x64

3

upload/fck...r.html

windows10-2004-x64

3

upload/fck...n.html

windows7-x64

3

upload/fck...n.html

windows10-2004-x64

3

upload/fck...x.html

windows7-x64

3

upload/fck...x.html

windows10-2004-x64

3

upload/fck...r.html

windows7-x64

3

upload/fck...r.html

windows10-2004-x64

3

upload/fck...s.html

windows7-x64

3

upload/fck...s.html

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-08-2024 08:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    upload/fckeditor/editor/dialog/fck_about.html

  • Size

    5KB

  • MD5

    73611171a38f0969dc99bbf69bd5fb3e

  • SHA1

    90c8281d6b6b6d40cb9fc7e5686d74e86ae8cd24

  • SHA256

    2e545533724856be7b9c4ae99ce64bf2fab1ea4081725d1b41929e8f2aecbce0

  • SHA512

    02ff7e25118708bd207f3e0f338ef2c45264cf0c44fced79fc08f39065df6ec683612f9943685a10012ebd786cbcc54a927103593dc47d583c19b012fa1069c4

  • SSDEEP

    96:jQxgqzqhoIqqPVEjUfWvFQf8E4rI2YeJdhCHC86kNHmeoIcohQzcDl:8GhBeIu9Qf89rI4LCi86kpmebmzcDl

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\upload\fckeditor\editor\dialog\fck_about.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1828
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbda8246f8,0x7ffbda824708,0x7ffbda824718
      2⤵
        PID:2104
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
        2⤵
          PID:2632
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:812
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
          2⤵
            PID:216
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
            2⤵
              PID:4788
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
              2⤵
                PID:416
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
                2⤵
                  PID:1572
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4448
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
                  2⤵
                    PID:4984
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
                    2⤵
                      PID:3484
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
                      2⤵
                        PID:1764
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
                        2⤵
                          PID:3396
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9460141056732270539,3106915142958991745,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5512 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1804
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1960
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4892

                          Network

                          MITRE ATT&CK Matrix ATT&CK v13

                          Initial Access

                          Execution

                          Persistence

                          Privilege Escalation

                          Defense Evasion

                          Credential Access

                          Discovery

                          Browser Information Discovery

                          1
                          T1217

                          Query Registry

                          1
                          T1012

                          System Information Discovery

                          1
                          T1082

                          Lateral Movement

                          Collection

                          Exfiltration

                          Command and Control

                          Impact

                          Resource Development

                          Reconnaissance

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            54a5c07b53c4009779045b54c5fa2f4c

                            SHA1

                            efa045dbe55278511fcf72160b6dc1ff61ac85a0

                            SHA256

                            ff9aa521bb8c638f0703a5405919a7c195d42998bedc8e2000e67c97c9dbc39f

                            SHA512

                            0276c6f10bb7f7c3da16d7226b4c7a2ab96744f106d3fea448faf6b52c05880fe65780683df75cca621e3b6fff0bd04defb395035a6c4024bb359c17e32be493

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            d3901cd618f65d66fb0643258e3ef906

                            SHA1

                            c9b42868c9119173ff2b1f871eeef5fa487c04f6

                            SHA256

                            1f74c3d5f4d41c4d5358e63ad09f8cede236eb66957f9888f42abf98b238c086

                            SHA512

                            89c122ea72ae3f26c94e34040e0f0a856506c8490ba36fce371a731b3f0588407c6356cca2ebea37ac829a67c2b398e298a64d5a72712172f69071264ca58e98

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\18bb70b4-c5ce-4512-b455-c662b0e38979.tmp
                            Filesize

                            6KB

                            MD5

                            69bae0cb0c0d99275e87d3e4e13364ce

                            SHA1

                            bb2fc24e9c3ce2e2c5e5821fe4d02d42bc8843d3

                            SHA256

                            7f86b57f663e0ddb59f13f39205d93d7d5cde07d49a99f30303596c7f43d1595

                            SHA512

                            fe752a52f2c333e80f8a258188e2bd87483291e5cb34425e49d8db4dc11c2e0e92b9c5c11b33efe441001687cd9121ddb891020c64705beba498a7e171f0a83e

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            1cc1ec42a347b5e313ec411f2deee56f

                            SHA1

                            f707b840bc835fa77d550f2dbf08c49de703b3f2

                            SHA256

                            622cf6f9c6e1a1fb5b0b7ef42d571171917d9dad9d7547430c8afbb38c602def

                            SHA512

                            4f478afb98bfaa90dffc4d16f5592f7e9fca100543ed83bb26263afe9bb161080ab469324927d69dfc7fc5eb1caf9541cc37a64e26b89563ff77198c7e52641e

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit
                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            61b661403965a8b0ed0573fcd0cffd0a

                            SHA1

                            1570404b7e69604c9c8bcb5ce39eff0a14b64f67

                            SHA256

                            39174a49e3e5d50bae1e651da48ad67ac53881ff209aa7086a92b8fe0623aecb

                            SHA512

                            3f3c70d46a1813a891f5f07ce9fe97847660189c464eb5479c49850ad4be29503ee2bc234f16e167620f6b9b1f55c6dd023158a1cee01965f0030fc89a61b735

                            Download Submit
                          • \??\pipe\LOCAL\crashpad_1828_MMWWIKBSCIHNMNBO
                            MD5

                            d41d8cd98f00b204e9800998ecf8427e

                            SHA1

                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                            SHA256

                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                            SHA512

                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                            Download Submit