Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows11-21h2_x64 -
resource
win11-20240730-en -
resource tags
-
submitted
02-08-2024 10:55
General
-
Target
https://drive.google.com/file/d/1jCJeKGuRqJPNMCU4YLppWOA68SKC94uk/view
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 39 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of FindShellTrayWindow 61 IoCs
-
Suspicious use of SendNotifyMessage 21 IoCs
-
Suspicious use of SetWindowsHookEx 38 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1jCJeKGuRqJPNMCU4YLppWOA68SKC94uk/view1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffccda33cb8,0x7ffccda33cc8,0x7ffccda33cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,12355160627183895802,2069840415437345889,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Temp1_win-unpacked.zip\win-unpacked.rar"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD55a74da741d06afb57fb3e6d0f1153c51
SHA147f25e21ed1b46c3c4c75c88ee385ed14148a14e
SHA2561484219c80c7655496bfe230736a18cc1e7856dd3434767499a118b9f80e1ce1
SHA512491e27f18af6a999a0d87ff0ffa09b82a6f9e53513ef422a2b3fd7f6bb3b67ef8b0de884d92c0279efa6eef2188f8d000c792cb12b54c039055ae66b9ed0008b
-
Filesize
152B
MD54ffb24d8a995f196a0d7d53afbe39183
SHA1842a7b79140f372503455f124760eb2ef4f01c92
SHA2560a61d536c80238ffc4c677a0f4f12f1d4c2812225e0617ac0d42a3966995e804
SHA51243e9eb73c08200d479fc1ef74e53bba6a049fda9ef90537a232023a1dc928c06a59cb0a3b285ccfeccf46a64e823e81b07d281ab58e3f511250d3652a5b07224
-
Filesize
6KB
MD5dfcbdf467bc825f25b258f1c90640da5
SHA16023a8ca34ac8166bc57297f67ea9caa2269269e
SHA256d05e286660924a6bcf597e0f099156ae8663940c29b00b7e10bdf3b802ac97b8
SHA512a3ef2099a73af530a64c19d455c7311959601a95041d1eb9352bf9dfe50b42b4e1817ec2738573a42e40f6ccad318adff8d33b790c866a5573ceeca4dfcfb2f2
-
Filesize
408B
MD5f5e12a4783b20da81ec59688301588cf
SHA1e903a714927560b74436c2e86f362a21fddf4dbd
SHA2563464d6a7dd4283d56346fd040bfede833ec8325e20680af9cf1766342ab356b2
SHA51297d4d1a021f39b515c42a1efeff2f288084f346bdd6d87cb14aaa330faa30ba4b402a7c17ceac060f666af416bd3fe2b7fdeca6de8de017efce46db9452730a0
-
Filesize
3KB
MD5cc45d1c2faefaef4af11e02b4a92552d
SHA122035df00edcf8e8e2318a345d74871e32c387d9
SHA256187e49162d9cfb223c5242de5e440ea89130d81508ec28985d45f935f8e85e13
SHA51220cf66e8682940a13d56ced249b06314e94881a0a629903c37abb16bd89abffea8df7dc3255ac95dbd40a1fa15b1ad3b8548843db2f9313c409cc5457a825ff0
-
Filesize
3KB
MD54069ff791c40ecede4cdf4c99e6e4df9
SHA17faa1f7f0e4703bac8e0222de511530c369f1f6e
SHA2564ae03b15bfa0ac016bef34232115a3e0832d04750f2e33bd2193ab70ef760e98
SHA512eabd6481fda8a828e8ec411cc88c318d8c154203c509500713c6d487330acd37e9776de57e4d5882e4fe6e3cf2608f22f420997e104e3ad6ab7185270b59992b
-
Filesize
5KB
MD524e0886601247551dfa9050c756b4814
SHA16f2f96afe8d06a6b804fb67cfaea210aa0e2da42
SHA256e628368f7a93d64d6fd88a602dd4d1219b0852c6ddb5b4eff585a92ceb560ec8
SHA51233ae4057c27834b440ea987a400e3cce45587d96545a6af0be43df886b815bc56ee9803817bccde0776a72755d450d175501f1351c3b9fe42f81eae834c241ae
-
Filesize
6KB
MD54009a1e57f5c2f7305fd02dbd82004fe
SHA1b5453029f1143948fd155a34481f80db150a8e29
SHA25633f0ac7b6ee5b82b76295268db2c9b1a2818629032e3ab5a1bd6a62250c0bf15
SHA512eb5dab3312435ef3a7d065b62b35c603c3315df360f13f73ffefd58be1baf5435c5c61ac9ad9e3b292a508e86d8216b29f3eb4fe909fef69279d37afc0079a0f
-
Filesize
7KB
MD593b4696e6b57697260f2acd86e11e1d6
SHA1cddbeac7dfc4f2384abf1944977318be01acca9e
SHA2568b8df998a11e5ccf047e0a9e02dc9410fab31071058359f820e94bbe174756cc
SHA512ed29d6c8e1d1ec201aae4260923fee6ec1c91646bb0b6f6123c2dfeb8476cea1db2677b8479a3c81677637c9a8d011c237b8630ee36e5b6612e6a35355a14639
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD51610fa3315c7f49ccc7f4d2c20786b77
SHA13d285c2c79126586093c074a99426c9a880caf4f
SHA256d098f6068ea6d980f911aedbe397c95eb0ca5d89ef36e015aee5e968af42d566
SHA512b5164588ba0334e0375d18b5c0cf5a5e41f6323f1bc7c3a1c960c07973c9d7902f3ab7b076ebf3322b333ddecb29ffe7335c77234191ff7f4f58510cdaae0397
-
Filesize
11KB
MD5dcfcdf53e8e9dfc472eb9fee56db8eb0
SHA1c49319cfd419e292dc208e37d54c409f693fbee7
SHA256d6782f7fda23ca7e33b7b8ed88014812164cf84c4902c12156f324923e09a3ff
SHA51249168a759da078f2d18c1b01c3e073408a2498f988df3e12a566bbf31541271d3b36df8170f2aab3dc30d9dfba4b75769c9f4fa8efedc3f8855733c0cba6f289
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
208KB
-
Filesize
992KB
-
Filesize
2.7MB
-
Filesize
16.7MB