Analysis
-
max time kernel
29s -
max time network
35s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02-08-2024 19:42
General
-
Target
https://drive.google.com/file/d/10nUhSMg9mv8AolnlmrSa5KIm84aMmUgP/view?usp=sharing
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/10nUhSMg9mv8AolnlmrSa5KIm84aMmUgP/view?usp=sharing1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa528b46f8,0x7ffa528b4708,0x7ffa528b47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13785843473907925983,15295249774237450581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD596142ba45f7203a8c4d877b2d70588b6
SHA1e1d1ac761b3c41ba0a3409d7bec68ca22ae1fac7
SHA256dac3fb834fb077720a5a79f49add75e37c15bd07ac063b5516061ffc611c334b
SHA512fe09d408370c5ddfa3264f870118fd2edb2e4184871a8029bb62a438be6da78a8e1f72d176149ce6a4963e9981136dc878aedb1e0c660833482a9850680a4beb
-
Filesize
152B
MD5b367ffa3cd6896506992c5bb8b91addf
SHA193c9bded12fd3a814e4a87d1ab6b102818a9996e
SHA256a2e0b202caf41d3a5fbde3824043e423cc9ce0ec9653a9d1a2d23b04c1467b96
SHA51244e2745fad967ce9b7a2be00b75d6617d441ebe2763d81a8c038d57906b1c94d6d57c930141331c39e032a284b59014646dd9054be213fd973e75a2269466a8a
-
Filesize
5KB
MD53311c5346100b11e701bc050f0a5b737
SHA1b13a4b21b97895e744bb653e8525c78f89bc9040
SHA2564b3aa4c7843ec850a93e1e32304b0980fc8a0e72e6ae47b9a8100214330a1aaf
SHA5122280f6d5f343a0f715aa0d3a0aff52f237a1e9903aa8e936dc23c78313b0bce036416a00b374b545ae9066a95f264547390b537f2987fe88399e3aa69b47efcd
-
Filesize
408B
MD5420811f47aa2718e5370d110966d5b19
SHA1ea9761cf413744baa96173c0f5737d3c923469c0
SHA2569a239b1585db484a1bc0b94d50103ae5d05a2578201d8f998b01ffad6ba006d4
SHA512bf72fdd430676dcc4cd753132da27fac85f461c66e1da3365959144397a83d2b926bf6929d5273ed9cff9a415a880f91e9cc57c43990a7618bf4e4dc11258e7c
-
Filesize
6KB
MD5da68db5d717a5fb0dc6a7dcca848ae84
SHA1c62854b5901ca7a2e017cbb5d40ad71cf00af8ee
SHA256fe56d02a88f4e11ef3e4431ebe0ca348e3402a01d80189af86259829e9ab7660
SHA51227094d1661c6712c4e70d948d860181f919c5984c60e6676d9aed9293046c5d6d3e79fca31f8a35eebf91113953aafb7402d9ba9dd09d3e550c628c94a711ccf
-
Filesize
6KB
MD5e566aed000f904296f8975b7a6d66f75
SHA1b6ad8d580797e72c7f502836cd2d775caaebe645
SHA2563917f93337f298dea47da301baba09e958a5912d42f11f2b502fe20d907b75c7
SHA512b0005eaf780435c123e68128b9134fabb171f91a2771ee481b339464fb7e3fe92721ffd6a3808ea0f37f251118d8b4c2d12c61258c2fb3f1d5f1133edffcf83d
-
Filesize
24KB
MD5852d886f30a60b001ee9e16d15da655c
SHA1713ae02473e2af931fb4455db3be07a00c734e97
SHA2560c05a4e24bafde15c1c9cfa778ac25eb5552c22b1a589b7b473eebc752a6ca68
SHA51209625a70076a264b7138dc14f2fe81b0e8ad6cc0ecb3cc4f5d5bd73eb58fab1e2528c5e3a3a40837740895a5a694b94b2fa174a8595960ef122823a4132d4f73
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD58d57f6d42d1103775130f42c994e43a4
SHA1ed6816ce83da2c40762db9f860a7ae119e3675d7
SHA256e1289a18b1119ceb5c1e1d69a14fcc97d4fce0ca1dcac55fa0676f162008b835
SHA512c44114fe563a3c95d724684d3cf5a0ae9924726390a82b450bf82f6dbee14f3f7ff23f77109ca23d3725551d4d642d48b32f1e1101433c8c14100f187b7e82aa