Overview

overview

3

Static

static

1

URLScan

urlscan

1

https://processcheck...

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/08/2024, 14:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://processchecker.com/developers_info/46296/ALFEUS,%20s.r.o.

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://processchecker.com/developers_info/46296/ALFEUS,%20s.r.o.
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8216646f8,0x7ff821664708,0x7ff821664718
      2⤵
        PID:1088
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        2⤵
          PID:5056
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4524
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
          2⤵
            PID:3544
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
            2⤵
              PID:4248
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
              2⤵
                PID:4724
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
                2⤵
                  PID:2332
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2036
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
                  2⤵
                    PID:836
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
                    2⤵
                      PID:1932
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
                      2⤵
                        PID:2284
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
                        2⤵
                          PID:4560
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
                          2⤵
                            PID:4744
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
                            2⤵
                              PID:2332
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
                              2⤵
                                PID:2060
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5372 /prefetch:8
                                2⤵
                                  PID:1572
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
                                  2⤵
                                    PID:4048
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
                                    2⤵
                                      PID:2356
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6296 /prefetch:8
                                      2⤵
                                        PID:1636
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6516 /prefetch:8
                                        2⤵
                                        • Modifies registry class
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4480
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
                                        2⤵
                                          PID:4408
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,6253401315038027641,13544373620201464091,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3960 /prefetch:2
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:5928
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:2108
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:3668

                                          Network

                                                MITRE ATT&CK Enterprise v15

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  d7114a6cd851f9bf56cf771c37d664a2

                                                  SHA1

                                                  769c5d04fd83e583f15ab1ef659de8f883ecab8a

                                                  SHA256

                                                  d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

                                                  SHA512

                                                  33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  719923124ee00fb57378e0ebcbe894f7

                                                  SHA1

                                                  cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

                                                  SHA256

                                                  aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

                                                  SHA512

                                                  a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
                                                  Filesize

                                                  20KB

                                                  MD5

                                                  6931123c52bee278b00ee54ae99f0ead

                                                  SHA1

                                                  6907e9544cd8b24f602d0a623cfe32fe9426f81f

                                                  SHA256

                                                  c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

                                                  SHA512

                                                  40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  74aa6f4931df427d37871f54b1c6a70b

                                                  SHA1

                                                  12dd6857e732d4baa162adb6b27077fd3e72432b

                                                  SHA256

                                                  01f74ebe7f1dc6c4128b7843c67545cee4ac251fc878c0c8f640f3f0a8f3991c

                                                  SHA512

                                                  ae391966fb5cb8a1ff6189c1662058b4e6a8d8f32dbe5e091330be29705ee74ce63a1fbb52386fd7c25f372806db328909c0aabf904966b9540e1689cc069c08

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  4KB

                                                  MD5

                                                  59c0d84acc0669c3b1b2c19a11e1c45d

                                                  SHA1

                                                  0842fc9fca16dcff6e2087720fe1046a8b210fa3

                                                  SHA256

                                                  6e5037b21e8eca80b5cee62553a41a5f359c440f97273310eae997efcbe165bc

                                                  SHA512

                                                  d2aa4a3963e87e65fa071596031062b287d2ce286f1a33d84330e1cd551069338af8498778073eeb7f5d5ef111c4cbf2f1d6e96ef858d8d9bec53543114f3d6e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  d9e0e1e781cafb30a73ff3e0e35df8c1

                                                  SHA1

                                                  0f4c00a6b3d0206403294aa9e0f67de6ec4ece88

                                                  SHA256

                                                  6246b7fa35bd1e16c62edf3d3b307f6847a61f3aa1ad483c0f8c788693df940d

                                                  SHA512

                                                  5318c48df8db5e154680f746e448a2dbe2c4f57218acd4284e03fc39fc7cbbd8681fe075fcb882566a47d7dfda6fdc93dc46e9ba4ca34fe8fb224352b3e9f5a3

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  7KB

                                                  MD5

                                                  b962ab866f1df87b5c07a053434b3eb8

                                                  SHA1

                                                  e650972289504d272ec88c0ab17b689dc85ea3f1

                                                  SHA256

                                                  66f41f8b080066c8c55c3c232888ff102f70a2082afc69e2ffffce4fa98104bf

                                                  SHA512

                                                  dcf3acc7e6d6e662c9d75d034e94d5260a20962da32a9835dee0d0075cdee693926b1f8bb130f695be22f051343bda37554c0a460323d38133a92cfa5e45ee97

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  8KB

                                                  MD5

                                                  3f1b953eff0a6bc8013790857b60f3b8

                                                  SHA1

                                                  8d16258005263bac6a78c25262166e327ec0c57e

                                                  SHA256

                                                  6562fe0194da0b3aeb4fa1632396b86015a28aba5945eaf79c7220fc7cc9a4ef

                                                  SHA512

                                                  bddb03f2cc62c1b6c90b74364f23d96407f2a2a9a16148aa45939e444cbb15e09e50092dcebd31e05a7d9b75d5277ae558871157e9072c9753a1041d99c5a7ba

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  c8048b5670519a18b25fa2c8c52fbde3

                                                  SHA1

                                                  8757ada4fbf51fb8bf4e37781a689945e0d19354

                                                  SHA256

                                                  9f6d8e26a78a17e513be734c2962aaad2ee9611e7ea7280936a1f978911c9bed

                                                  SHA512

                                                  03fc1714be5d3b47cf6c6b652715a5e2c82340de34ac572c6dca658981b834fe212db43f28c59fbc29c6034161a9a6e1709ef7b9484e74a16e83674d03bbcba7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580e24.TMP
                                                  Filesize

                                                  703B

                                                  MD5

                                                  bf6c667b125b342cfba3d6c5241ed5c2

                                                  SHA1

                                                  41dd791b4d34f87d831f2e63847585b3d7a94f4d

                                                  SHA256

                                                  a645bc267a36d63d0c9b137f27e5f80e52c8cb0e9bc3ca72668d9968b12f2b5c

                                                  SHA512

                                                  fabebf1b052f570d8d050b6dbef8ed816fb13f488299da1d0b9808cb2d9ea7c1512a2a4da34997eb30a6c2d4f68880bc102bd6477ca7cd36b772cb3c4e8a6798

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  6752a1d65b201c13b62ea44016eb221f

                                                  SHA1

                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                  SHA256

                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                  SHA512

                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  11KB

                                                  MD5

                                                  79e2069480755ec7d68c86ad1fbf9aa4

                                                  SHA1

                                                  717cdb76c4da0ec25672ec6b0a9a7c12c2a87cf6

                                                  SHA256

                                                  c61ba6756bfcc0158e6452460a8ba43a52aca7d1c36c4edcaa02fee9038a56b7

                                                  SHA512

                                                  5edeec2f2549d2d6926a3dc70fc2f9fe535302d7540e698faa1c80f47cf41721bdf10f435d3f99474212c925193225b619765c84fe0c1037f6fa80ab8811f208

                                                  Download Submit