Overview

overview

3

Static

static

1

URLScan

urlscan

1

http://payroll@mail1...

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 14:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://[email protected]
    1⤵
      PID:4992
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4284,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=3888 /prefetch:1
      1⤵
        PID:4544
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=3936,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:1
        1⤵
          PID:2412
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5256,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:1
          1⤵
            PID:4656
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5228,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:8
            1⤵
              PID:4832
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5528,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:8
              1⤵
                PID:4016
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=6060,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:1
                1⤵
                  PID:3772
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6288,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:8
                  1⤵
                    PID:3252
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                    1⤵
                    • Enumerates system info in registry
                    • Modifies data under HKEY_USERS
                    • Modifies registry class
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of WriteProcessMemory
                    PID:2264
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x260,0x7ffbe860d198,0x7ffbe860d1a4,0x7ffbe860d1b0
                      2⤵
                        PID:2516
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3356,i,3290253234703682852,10750212632849476991,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:2
                        2⤵
                          PID:1748
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1960,i,3290253234703682852,10750212632849476991,262144 --variations-seed-version --mojo-platform-channel-handle=3396 /prefetch:3
                          2⤵
                            PID:4072
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=1808,i,3290253234703682852,10750212632849476991,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:8
                            2⤵
                              PID:4120
                            • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4528,i,3290253234703682852,10750212632849476991,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:8
                              2⤵
                                PID:2036
                              • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4528,i,3290253234703682852,10750212632849476991,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:8
                                2⤵
                                  PID:964
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4044,i,3290253234703682852,10750212632849476991,262144 --variations-seed-version --mojo-platform-channel-handle=4556 /prefetch:8
                                  2⤵
                                    PID:5060
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4792,i,3290253234703682852,10750212632849476991,262144 --variations-seed-version --mojo-platform-channel-handle=4760 /prefetch:8
                                    2⤵
                                      PID:3200
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=2624,i,3290253234703682852,10750212632849476991,262144 --variations-seed-version --mojo-platform-channel-handle=2980 /prefetch:8
                                      2⤵
                                        PID:4888
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
                                      1⤵
                                        PID:4868

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                        Filesize

                                        2B

                                        MD5

                                        99914b932bd37a50b983c5e7c90ae93b

                                        SHA1

                                        bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                        SHA256

                                        44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                        SHA512

                                        27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                        Filesize

                                        2KB

                                        MD5

                                        0f61a1ab63e491f79a4ff43d13ba1a6c

                                        SHA1

                                        ba5985c1a172a9350e589f48844ba449d5e2e7ad

                                        SHA256

                                        05c0aea61bfd6b694491c31f5eef09f3dda5109203f3b1ab2806e334da6ce5a4

                                        SHA512

                                        6f7dac81bd6fe7e69720931142e188e0d0614d1b57413a99bde29178df7e3dffee25b118fb7fdb156c9f9a1ca16c8b1621b11afd725064bb36f86599707cd750

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                        Filesize

                                        2B

                                        MD5

                                        d751713988987e9331980363e24189ce

                                        SHA1

                                        97d170e1550eee4afc0af065b78cda302a97674c

                                        SHA256

                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                        SHA512

                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                        Filesize

                                        40B

                                        MD5

                                        20d4b8fa017a12a108c87f540836e250

                                        SHA1

                                        1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                        SHA256

                                        6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                        SHA512

                                        507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        12KB

                                        MD5

                                        01d042bcedcaf5e11783e02501809ce7

                                        SHA1

                                        cc144bcd95fd75699c8c8894cffda1503e7be08e

                                        SHA256

                                        4288ccf6769be11c3cd7efb66cba1ae5f886b1ba6b5b2151ec5e59b80ed3fce5

                                        SHA512

                                        b2fa232a94b64762139ed2543876ec395c041cd6863d0202fd457b371cbf464d3fda0d27e66d8abe943c4fd67492f9e920d83fe2f3b7684a03d075c2175225c9

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                        Filesize

                                        30KB

                                        MD5

                                        88edf2446f12e3e7f08b78b132279ca0

                                        SHA1

                                        7261714a0338a854811f1bdc9c972a86d7511797

                                        SHA256

                                        2a996b899760c651e14ddff4af1b2f86fddcbf71c0a29e8eea35418a4b765d1e

                                        SHA512

                                        34c95fb1763ec31cce67906a88f7d410427cd44913906a70a22dbc79d4e139615f5e6c44d9fc0a1c1525039e37ed00faab370087ebc399ec81828c19c07f6c31

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        72KB

                                        MD5

                                        0b76146892d86a5d21c9a0bae6b9e1b6

                                        SHA1

                                        a17ae7ff0badad197f15154840956e1f8d1d3300

                                        SHA256

                                        998a6862b5d5241e85c97b3ee3e0228e99df619990cbbabc6cb13a04a1cc1f0c

                                        SHA512

                                        24188c722a72d0b5bb51d454d53ca93d8193a2e0fdeef35fb1d09c2f5d27a8fbc1e0836cca261accd30d84ce211daea08506b8e223c70750aec46a119f740160

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        68KB

                                        MD5

                                        f1e63b3e1d74cb29f78ebede03890047

                                        SHA1

                                        a5b58180fc69e27f88e4be1845d4fddf0f8e082f

                                        SHA256

                                        5c8cb693092d19810ce410d3d714cdab441e97ab75fe49d8a5beb4331e3614c1

                                        SHA512

                                        f031fe9fd3d22ba79fd80f0fd1e5d8c777ed5aae1a0c94dc4502082e8dad85012f7184c2ea62d00619187e03cd24855686faa45c139b8a1db6ea6fccc1438c18

                                        Download Submit