Analysis
-
max time kernel
271s -
max time network
280s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
02-08-2024 22:04
General
-
Target
https://drive.google.com/uc?id=12WBT8qXg0FZyiIfnQfimIrN-sUpoTREP&export=download
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/uc?id=12WBT8qXg0FZyiIfnQfimIrN-sUpoTREP&export=download1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe178c3cb8,0x7ffe178c3cc8,0x7ffe178c3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4836 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5104 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6312 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10142194032081408577,7597739163506465072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5d30a5618854b9da7bcfc03aeb0a594c4
SHA17f37105d7e5b1ecb270726915956c2271116eab7
SHA2563494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8
SHA512efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77
-
Filesize
152B
MD503a56f81ee69dd9727832df26709a1c9
SHA1ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b
SHA25665d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53
SHA512e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781
-
Filesize
1KB
MD5c46ffdc1cb49177e22fd429bac49b352
SHA1c9b9671cd0083cd1eaca0d29c0f2164d1fd344b1
SHA25699fd5ca3638e467e534c3410e7b9a0a4424a4b75d98e22d716e118d90d18f51a
SHA5124e0052fbe55c559ffcf60e5ca00fa7cab269925b29966268bff2030f3920931931559e3982702a26eab78fe64a148dcf18c9ccf0bdae87ce77609af256a59d3e
-
Filesize
947B
MD55376dcf9a64b91ed78798f60607368dd
SHA140ff978895b7ac085b983b4c86ea1edb6938527c
SHA256c35d6ccafe7e05588b2ecb405efcc08c23b9195b8a6501fa5e7ded98cd0d953f
SHA5128e75103211d76e4871ec08f2833fe8a2560115a543a3c2a0ff364f7f573b40c9e2556fa38340b3b586098821792cca7283272d2a375c8d8dc8be5938abfb2bb0
-
Filesize
512B
MD5801248e4b11f31d35ba8fffcd5510232
SHA13464962b9e9079eed527c161df7b1f638e278730
SHA25698ea37a7add27c5072c8a35ce839c8dd4b85a3899bbb3e39b1d5704cf0d88fc8
SHA5124796b38dc0ef14b69ca811cd887a134335994fd0883864d1f83786abef315b91a753909dc8b14d82325f0e5950926da2d76eb27da04bae663abecfb65165cf82
-
Filesize
6KB
MD5286f7491b8b42df909a6fb46d1fa9df8
SHA1ed69e6b83557271235b9c1daa129c380021e3f45
SHA256e5ffd3a2287a8d6b0e693ff2eedea6c724d57d056abf67a8d18945243607f7c4
SHA512f352eb7043eeae89d968f4d5ad305df8dcc9b598281787a38d658f2e47204df6a2f396411da35ec13e4ac2b8a657ea0f365813dd05bdc71ab7cb50cfcc29684b
-
Filesize
5KB
MD5cfa4676b80b4e6102ecbde6775d9b21f
SHA1f599893912c13a5873c3a0609bbf19ee908fd605
SHA25665258c9ba5b28a301cf37c758e002cfd8e22cb49bad6a704f8fe74ca7302850f
SHA512ebf55c41b07ef64f92cc8727c9a300dc9ed643b95cf001d59b8827de7cfa5f97cba11a4e6a94a89322126966cc8d5b14b8c2713db76134473590582468ded5c3
-
Filesize
6KB
MD51ab29824bfcb8573dc0e2523e7311d1c
SHA1a4731778cc5b6a1ae61b02718e100d48480a8b61
SHA2561579658cf3514393160edb32d9c9facac86e77a383dc028bd8c69947fd9fe4a0
SHA51227b5aac87dea8fc4ea84aab951c8fa37eee2ebaadf0af1708d95479b5592ecba08351bada78e546ae56694523566f09e32da9ff25e4fe6ca81b7a047ac46b344
-
Filesize
5KB
MD5aa5df97250323419f73e6872c5cffaef
SHA1274fa8182e87766d2c5a19299f3fb4c231c25053
SHA256fd23a63d734225e06471be1acf3db8b92e5a6ebfe21d799dac2cbd9504015084
SHA51280e47a92e65bcd17d265528c2ea7db054bec157de9a107a627bea435576deb5a2f5661b0be9199f8b4be1aece52076b17b8df55999ce8f1bb7f5e8c56a5e5860
-
Filesize
706B
MD5be2f43bb95e9697d68665a28d9e2be79
SHA1b4ec898bd9058a8bd96eabda9bc67e62d169984b
SHA2561ffc1578ec0009bddbcde00618a19b74779eb12301379156deec0e4d838dfa3c
SHA512300469876f5016bf8f588a63c653434720f728be608ebcf2d8d17c69d4fd512e0ae5cb61b953127052f51d81cf232f8de9b7df55c53a3f66befa716458a2e567
-
Filesize
204B
MD50e0cd032a550190c76981871ed525835
SHA114447c259ce13e388e89579cd8308e205674e743
SHA2563e14de7d8d1afd1b81293401de1918ae2f4329eb0873bb89037b1d4f1cf44a93
SHA51242b8f61f68cdac50742a85aac3a3ac8e257fe2c3a2df66c5d752ab5c2bce50f7cae8320cd4b06e391720608d76d96b0b266064bc2996d51334076a4908cc10ec
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5742c91fdaeef7d0eaca6a767aea9fc9e
SHA12c1ec8206f42cf5c754091257ac85ad3cb0a656b
SHA256625f6e255d41b32755956b33d0c32b067ea42fc6f8ffdb2affb9be12b5933f2b
SHA51288ca91603448c301b9dd40f4e70777058684129c1d33e6bf040d5065247dcedd84033088fc17f54dbad7865deeb2100186ec1951c0a34775fd5b75335f0fb413
-
Filesize
11KB
MD53e843c7a8196b10c36669e21dc98a8f8
SHA17f83e719c27dc4f4cd64a46c2d3c76e250951c78
SHA256a4c0c0fa04e9f70f1b48449a3beec5458f6d0810a3561714e6b54b2ebdf0bf80
SHA512da946116bc30a99f7c9ece58de2e80587b817bc210be166dcd2c5fa1c380628d35d7a35c358c9dcba04c544084afce3598fb78d019fc3d05517eaa2c0505dc15
-
Filesize
234KB
MD5fedb45ddbd72fc70a81c789763038d81
SHA1f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a
SHA256eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2
SHA512813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298
-
Filesize
134B
MD5b184eb1b4fe2027480184f3474a679c7
SHA1c83e08717254bf181b810be4e64e1b011077a2d0
SHA256e2c68e39818578bc450020e2efc6f8e61afd4344eb0bf7f7c6e7e8accc849419
SHA5124838583b65c35bcfaea31afd7d617d85f734a8b8f6db4981aac3254612ca73764ec00e0c67a86ed92dc8a3941cd898923c229d88a637814cd163aa365293b422