Overview

overview

3

Static

static

1

URLScan

urlscan

1

https://myinertia.mo...

windows10-2004-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-08-2024 14:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://myinertia.motionconnected.com/Login01.aspx?r%3d3982EGA9GBBA

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://myinertia.motionconnected.com/Login01.aspx?r%3d3982EGA9GBBA
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4872
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90de746f8,0x7ff90de74708,0x7ff90de74718
      2⤵
        PID:1116
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15867321046372149391,4934094543059309934,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:3776
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15867321046372149391,4934094543059309934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1932
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15867321046372149391,4934094543059309934,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
          2⤵
            PID:836
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15867321046372149391,4934094543059309934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
            2⤵
              PID:1436
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15867321046372149391,4934094543059309934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:4300
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15867321046372149391,4934094543059309934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
                2⤵
                  PID:728
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15867321046372149391,4934094543059309934,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3524
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15867321046372149391,4934094543059309934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
                  2⤵
                    PID:4200
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15867321046372149391,4934094543059309934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
                    2⤵
                      PID:2144
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15867321046372149391,4934094543059309934,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
                      2⤵
                        PID:1972
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15867321046372149391,4934094543059309934,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
                        2⤵
                          PID:3996
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15867321046372149391,4934094543059309934,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4664 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2320
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4860
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2880

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            e4f80e7950cbd3bb11257d2000cb885e

                            SHA1

                            10ac643904d539042d8f7aa4a312b13ec2106035

                            SHA256

                            1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

                            SHA512

                            2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            2dc1a9f2f3f8c3cfe51bb29b078166c5

                            SHA1

                            eaf3c3dad3c8dc6f18dc3e055b415da78b704402

                            SHA256

                            dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

                            SHA512

                            682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                            Filesize

                            192B

                            MD5

                            255f8dedfa1ef9a67166478244b4de41

                            SHA1

                            872f43db23366b9019445cb63e6fb67188f232c4

                            SHA256

                            cd231ed4886cf211f614638a38b50842ce82a1b70b152d28cdd65abe68fca3b6

                            SHA512

                            29e35e4f9f2ddafcf97ba26fec5590b24c68ba4e556ecebfaaa1aaeba5ddb45c5008070a136695e3d2651b1397e3f7a503c1e781d6a4b9f58ae593ca41a388e8

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            498B

                            MD5

                            070965aa9ac6acb36d3189085f1ec72c

                            SHA1

                            30485b10caf590ac2fd12c7197fede808e3055b9

                            SHA256

                            221b455a263de573acdaf261eb85148cb8cf009698edc1e84696649324808f03

                            SHA512

                            80404f96ae6a4294b8dc198033e1d670e5f14a1e85e76f552e7a3dc0f3449787f4bd81d96cf912ed3ad334db76f90c899a3b7f0056cf04008a908778cc16ca94

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            340d810a6f2f17e2e37d10d9966d2054

                            SHA1

                            022635193a4386e342316628f1e1a88bf32d6fc2

                            SHA256

                            4bddc1e21de314513ab17aeed8bafdd12db3e7ccdc9fcbef6008550611dac18b

                            SHA512

                            8a9afb8f8f8b407080e9b2280ca922b96c93c908905a04d15417c06690a15c6e8c677c1a1472c5aa7d8be2fedf50216e387b5c30a369f13f859107f87b4f60f6

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            7KB

                            MD5

                            5d5de349a0ac4f03bca6e91cc54f7411

                            SHA1

                            2695395bec6f21134d4089c7c8b181b6c4d421f3

                            SHA256

                            e3a179505e4e3a20bfb3a4369e64d18778882562b20ee7fc89c1ec38cd62d141

                            SHA512

                            d644ef84336bb1719c4d769875338ebc8eb0329739ad1bc1a9cb3ffca75a2d24c9a7a7046b246b59b0a667b35faa49f219d831ece97dee445c24001885f576a5

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7f7dfd3d7e93f0633f606e5d44feb93d90f8a40f\4f8c0145-962a-478d-a8ed-ca3cb5d6fccd\index-dir\the-real-index
                            Filesize

                            120B

                            MD5

                            c13dce092877f061882b11c87442ce42

                            SHA1

                            ce2dbe9ffbb4f0d4720c43af5bd6917cd7849e70

                            SHA256

                            a78a0511390998e11667b5aefd866c97ba0f89b23e62e19cdb4822f7c597c3c7

                            SHA512

                            4744066f6f2e9b47a2bc78e945ce08cfe03ba995689d0e2d54b4c93bb8b7fa3de44293aa7f65a77b63d7f075d78f7e73425d1d09115d57143628826f8ca99bdb

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7f7dfd3d7e93f0633f606e5d44feb93d90f8a40f\4f8c0145-962a-478d-a8ed-ca3cb5d6fccd\index-dir\the-real-index~RFe57e177.TMP
                            Filesize

                            48B

                            MD5

                            5112abe91d8f4a7a165952d12e15fb7e

                            SHA1

                            e6db763e51d420932f6dab0d039e7a8991d15417

                            SHA256

                            bac7af3ef80b7a80b11c83a51eddd719921e8f05d32122cbaa7bbb1e40bef6e4

                            SHA512

                            ef3dc21052df475e4c835fafc9d4841e85413dea7e3516c4a19549ef66fdf41a758372f934ce7ed40b7422f59ebf565e1b3e2f6b0832333ba3a867cf15539971

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7f7dfd3d7e93f0633f606e5d44feb93d90f8a40f\index.txt
                            Filesize

                            106B

                            MD5

                            adfaf5870c8c3d4e15199b961bfdd078

                            SHA1

                            d0491e6c5e2f83cfe7e1c2fdfd3f43b87a43ee7a

                            SHA256

                            ea37af63bd9aa0cdf919e92ad141870a74dcf4d0493623c317047e9304a94162

                            SHA512

                            1f32e3a9032d366f85f0665088c65bac41dfde7848a9b67728fcb3c43fef240a5340ff6c65be41ef824373b82c2fb01affc8265801ae9511a3ad4cf9dc30733e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7f7dfd3d7e93f0633f606e5d44feb93d90f8a40f\index.txt
                            Filesize

                            100B

                            MD5

                            020d02b3f4cc3b6f9e654184e0a69787

                            SHA1

                            c1d8cb1e645a96ed99b9f8003f96717daa677e9c

                            SHA256

                            ae2ab1919e8460e23e28c35a60f2732b55c51d9e6b3950c303fd7a4a996c2cc8

                            SHA512

                            23a7661fbb6823bcc59ecbfec2dac34426044ac16065e9aa6f6de1efd039d647a5e31b6f00dd09340a9e07de09249afaa7788feae53f52e59add882483e0da3c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                            Filesize

                            72B

                            MD5

                            41dfc64d8889f07b0a83dfcd73e0b7c8

                            SHA1

                            b9abbb34298f03553f9b5f14d662a5a7464ec338

                            SHA256

                            f3664f65312cd513faee6fae4c9641a527320f9d28ac7b3f17c7f08ae8bd4491

                            SHA512

                            e8cb202ec3cd8111635889bcd84720b60fb5fcee643fc902ba8db40cf1fe2ff4c6f1c85815e55149d4240fa4a51d0f47359884b3d50e11d0a391cae21f0d619f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e0bb.TMP
                            Filesize

                            48B

                            MD5

                            24e5bc443759801b3f03b1033f3c9078

                            SHA1

                            8cd8fc70fcf7e425b9416e14dad48dfabc74e5f0

                            SHA256

                            8998c7643370b0646c0bc459aeb3ef2a8fc8e79cca2a31a71954d7bd0d6632ed

                            SHA512

                            fd4297489bc91250fcce645d1fb159d1cf4845c4e94b929ab76bf62218baef26681a83a4aef6d04c095bdf491cde539d3bf4e633f43002bfae1c483a91d7a8ff

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            0ef6eb4f50526b322c67313128916619

                            SHA1

                            7ce02d52fa7ca9ad9302b93d0cf58ec6d2c96d4c

                            SHA256

                            0427db98d3536613e274d5eae3bff4db35a22e1e15862087ffa15b9f5ed592eb

                            SHA512

                            b11068c7439fe6e0e030fb0a29933669217e4acb4aa1280fe91c739cade9214fd25e316df42920077fc509c8357a13d399ea60b7aba9b5aff4607d495b962407

                            Download Submit

                          • \??\pipe\LOCAL\crashpad_4872_RCQHCEFAXFYCKIHT
                            MD5

                            d41d8cd98f00b204e9800998ecf8427e

                            SHA1

                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                            SHA256

                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                            SHA512

                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                            Download Submit