Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-2004-x64

6

Resubmissions

13-08-2024 00:24

240813-aqgpaszajk 6

08-08-2024 21:05

240808-zw76wazclp 10

08-08-2024 21:04

240808-zwymfatdjf 6

08-08-2024 21:04

240808-zwjtaatcrg 6

08-08-2024 21:00

240808-ztaslatcnc 10

08-08-2024 20:42

240808-zg9fdszakj 10

Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-08-2024 00:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/file/d/1Wj07ngMff9_V0N6-76x4czf7APGZn0Bw/view?usp=sharing

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1Wj07ngMff9_V0N6-76x4czf7APGZn0Bw/view?usp=sharing
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1404
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e0d346f8,0x7ff8e0d34708,0x7ff8e0d34718
      2⤵
        PID:116
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,11593268411058259530,450437775305992228,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        2⤵
          PID:4992
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,11593268411058259530,450437775305992228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4900
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,11593268411058259530,450437775305992228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
          2⤵
            PID:1540
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11593268411058259530,450437775305992228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
            2⤵
              PID:860
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11593268411058259530,450437775305992228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
              2⤵
                PID:4644
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11593268411058259530,450437775305992228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
                2⤵
                  PID:2128
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11593268411058259530,450437775305992228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
                  2⤵
                    PID:3884
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11593268411058259530,450437775305992228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
                    2⤵
                      PID:768
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,11593268411058259530,450437775305992228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1696
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,11593268411058259530,450437775305992228,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4120 /prefetch:8
                      2⤵
                        PID:4388
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,11593268411058259530,450437775305992228,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
                        2⤵
                          PID:4940
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:3452
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4124

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            eeaa8087eba2f63f31e599f6a7b46ef4

                            SHA1

                            f639519deee0766a39cfe258d2ac48e3a9d5ac03

                            SHA256

                            50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

                            SHA512

                            eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            b9569e123772ae290f9bac07e0d31748

                            SHA1

                            5806ed9b301d4178a959b26d7b7ccf2c0abc6741

                            SHA256

                            20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

                            SHA512

                            cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                            Filesize

                            384B

                            MD5

                            4d75d368abdf4128b9440cbc9961c287

                            SHA1

                            76db97fdee2ce643a017f0dfa86bcce4d2f21036

                            SHA256

                            09d29cdee8ef3c429c352571c4677956fcaad9d19423f288431cbe271df64d5a

                            SHA512

                            5696db90bbd29e3675e051598fe96977b084fcef70ed1f60588ce005338c419a509919075c21ae916312d7ee94136459600c195959fb3807b10ae3bef071a25d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            3KB

                            MD5

                            cd27d5d27b913ee0e07127110426d64d

                            SHA1

                            2fd8a326c2721b0b1488233fb3341f75205a679a

                            SHA256

                            4ae36dbb41fe8c8cca73770159927c802aebc4a331babbf059a5167cd11b4717

                            SHA512

                            e5a9d83342133581f1b79c7c071d0b5a387655c9b3cdb432d96304530906ddaf6b2b4b8472ba7ea7de789f5b22f0d860f6329a7db2bd716ed56526e1943940f7

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            c223965059027f611adeb91ce9ea11dd

                            SHA1

                            c0fbc2510a38b61e134c815e1bcde4588f51308d

                            SHA256

                            20fee1392d8331f6384347dd6f428820c4a8eb32944744feec0ede418af2b612

                            SHA512

                            52c2a0b91cfaa86a8f3fcf85bb89671d919a8c436207407c146b5525c8318c9b146383bf72647360e91b4cb670b830e14a4b8712b82f8139084386963d44ff99

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            aa8016caa52780cb37e161aaed804841

                            SHA1

                            b91bb0c153ef43e750b2959ff46502a3076bb148

                            SHA256

                            486c7da47eb52938cee465c3dacfebfb01709e7132f06a994d8468c7583c5677

                            SHA512

                            e8924571d6ffc596809e61912f299a80529a62882f2d088d70c2ce7c6a5db11c80721bf5266758c9596b886f22874d0db5cd61ffaf5af53f4a960a5700e0e60d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            7KB

                            MD5

                            7b8016315f6afc8165d020b5a7a14027

                            SHA1

                            a88b4861c1de96ca0bb38f5e8819fc5c3a3e6a3b

                            SHA256

                            f7e13fd7eac591904caf434282012045e1ad14284e6590571abdd05b73f91af3

                            SHA512

                            cd9282bcae5c244c1b4f35c4327e8bb039fb695252b10a1e882f1b64f430f824479f6f6a8385790154d3af1424876c1df5b16a488cf598b5605b1772f5f5436a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            e931176790bd8ef448243a2f31e77934

                            SHA1

                            4c2bdbd29b527d7154a9c024eae440ec46aa6194

                            SHA256

                            13f6916abff90feacb65c152590f91f97d80762122e0cfd5e63a4793a70ac399

                            SHA512

                            7a125f0bb0adb76873c9d541ad38e8ef42cb851b70c38d43929c8286836a01bc357a844e891d948e41073bb83cf28f1aacea7fbba2a227c8702c1ca59dc51ced

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            5911fb5c0abaf1acaef7c255175d1e9d

                            SHA1

                            3a7b663a239e81c92d9166db776aaa1041596d3f

                            SHA256

                            f5475865bc06433935c7ab5067a855c9de41e56a0f8204b89bbb230703be5b6d

                            SHA512

                            80b21a0728202821ccdd541d7b86c54a3217258f199dfa20a900482d2d7d619bba42e5bb832b08949983efa8021410c8b0776df54913229d5bba0889985ddfe3

                            Download Submit