Resubmissions
24/08/2024, 22:59
240824-2yqeyswdnn 324/08/2024, 22:51
240824-2s5bxswbkn 324/08/2024, 22:48
240824-2q6rzawalk 324/08/2024, 22:44
240824-2n2egavhlj 324/08/2024, 22:43
240824-2na8aavgrn 324/08/2024, 22:41
240824-2mdl1stdmd 324/08/2024, 22:38
240824-2kq5bsvfqj 3Analysis
-
max time kernel
141s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
24/08/2024, 22:48
General
-
Target
http://youareanidiot.cc
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 36 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youareanidiot.cc1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdffd46f8,0x7ffbdffd4708,0x7ffbdffd47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5800 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4764 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4012560458932840442,17313161134541684830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x494 0x2f81⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5111c361619c017b5d09a13a56938bd54
SHA1e02b363a8ceb95751623f25025a9299a2c931e07
SHA256d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
SHA512fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2
-
Filesize
152B
MD5983cbc1f706a155d63496ebc4d66515e
SHA1223d0071718b80cad9239e58c5e8e64df6e2a2fe
SHA256cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
SHA512d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd
-
Filesize
202KB
MD59901c48297a339c554e405b4fefe7407
SHA15182e80bd6d4bb6bb1b7f0752849fe09e4aa330e
SHA2569a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2
SHA512b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742
-
Filesize
2KB
MD536b561dd2b59abe2965d52b10625df77
SHA1d8746c7e1d313ae0a893b9b8e4ea4d50fedd9b43
SHA25600415b3d14009b4a0b1a6f08294c0a580b353c564716e757e7dbe6fafd7f299f
SHA5129bff517619b3aa75b23436a784c9156cc42267c32aa9dbf193b9c0fbbaf50490d11011ef156b8fb0d264c6778d15623dcadcc086d94b3ed2807fe9159909b00a
-
Filesize
1KB
MD54e66df8e9f3204653c28f3ffd56bc8f3
SHA10ca3c22f55bf159c677f8d164305a8667fe8d46e
SHA256a6a99cbcc1cc85a0cf579ff37cf6871a4b83da376f0acf26b78a5b55db91afaa
SHA512b88f7a276b7dceb16172e901f3b8f43535dd59592da110a12594d09d34a0ca7c0658926436bbc098138252e341a3aa5da0253d25a925dde811866961f29bd8ff
-
Filesize
922B
MD5fdf1aab88bcd693d99e702dfea5c5e5a
SHA13ed4180c93d765ed83b77ae9807ebf0f006f1e0b
SHA256f4615b5cc244efba1bb5faca0c46f41dd8c3e5fbfc57731b35d33fe9f02ac789
SHA51228f141014eac5370602de8ae872cab4065d7142e5781de52b3ea20e4a92338741b4a7135e5fcb72cb6ca4f6784d16ad814f5b654c6222b28a89f3b211832a734
-
Filesize
5KB
MD5f906c116753f568c6d027031458b111a
SHA1efa8e85f1218029f874d4303bc867b47f1adcbdc
SHA2560a027f72f0687997efc3b5ff24c791bd60617c4326fd9d62437a04b3da1e0a67
SHA5123c6ecb78276b8aeab53e81ebbc1090e16bee7f46b55e9d45e9b028b7dd7e9f9f728a7f30f21a798c6b00f9bba2a4c01e39e3a117e4a9a1bff3a9728503f9ec4c
-
Filesize
6KB
MD5d78ea343fc4c26ed64f3e3172639c916
SHA1a7981da5554dea466ef20aff043cdd470b01fa73
SHA256af9e8cfe4b92b1c5781ea3427c12ef136b5745bb16382ba931ebf41afd44e2d8
SHA51292a6ae467b51dbc62e304d354b0e7d37af40429c40f29965a91c0e2613664c2cb575da5924d194815b1b02b0360b01bee8c70b576a3f0aad066142ea76c9de49
-
Filesize
7KB
MD553d7ca8facdcfd16fe1f913172ad3665
SHA111f1bd449f3ad08269418f6a84a11b34bb9c8a1b
SHA2569469d4338fa015dda4fc357a6b443d13f6ccf34ceba9012c2c2dcb9cd17cf701
SHA51261a38eb9ea4e5c0c81f86abc4e3f4efe2ebe5941da45a3751c1c1f57ba2f98f3bf4190784e00605627ce56a97599666a0ec5ac548fa1c4da32a00002ee9e44a3
-
Filesize
7KB
MD5a48a37ce67bf7f883266418e4e7ab49e
SHA1649e1c4789111ff05614d0aad078ba01344d5bd8
SHA25611059fb00971c7b5fa4e85e9b65cc8285630e273807809fefd730637c0090147
SHA512674fe9b22cc99748dd28830978aee6f730377050c06c22238e9390ecb5b9db946388851e284b77a43258c194b8c6e7474ce0086f7a14f4dae3d8cb46c7e7eddf
-
Filesize
7KB
MD57942388983eb8aca9ffd10984bdb0879
SHA1708eaac7979262e1577fe61e02cd8558103d4a23
SHA2565e67721a6da7f574e7e1c696e54f099003eeff47358458479d92074f5adc5bf0
SHA5126ecbefc1db6fe772292c4d22a5bab2696d43a13b512d0f40f2708e8215e6dcc0516fd1444514821ce6e04b832be5558c0f74dfd8ef9a3f24f45c4e126ef17223
-
Filesize
7KB
MD5a61d824e2a6dc069840b50105291a552
SHA1bf17357e158c8cf3bb3f8ffcffb96e367f97a64b
SHA2562abcf2c7e2d3ecfaad7ddc4abbdf72982b3e9a8d8bceb2ab0acaa6bdd51db0bf
SHA5127e773c1ed28e91a53c32c014e9f482358b2aa5280e3b55061e5dc7913337bff2611625e0ec6c9e395a70293f135d43c45d383ecac98c8b8ad8ae13caca61a0ad
-
Filesize
7KB
MD5b2e5e719ce48c3e0cb5b1b17c2053b36
SHA1d24189d8b2bc5d3b48e0876002b8d9d7721d0ef0
SHA256b0fe6781242a5f6c80b6394e4314923d4e963cfc15ea16ef32fbbcd9b6cc0b70
SHA5126dd6b8ca81c4c13c3e42d4a633704e72d110064d112400f9b91f3a88e5f0d69ca5ae60b7d4f255fb5fdf2f27b867182ad2fdd2dd73d9704271e8dcbd785dac5b
-
Filesize
7KB
MD544ddf7904c636ada45e1f2830b118841
SHA1474c4aabaeacf89d90c501cdcaec9007e53aee5f
SHA2565d7736880b61f63d5fc623323e50575fb23458224436fbf2622e7c35908e970a
SHA51211225cd3011abdddb3678884237934bed0b2cc176f61a56616a298112238442fb3e99509d4fa9ec8c560b7554a22776815423fa674018e0a0daabe40d4a78c19
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD50de334de091ecef3fee54b0fb34226ff
SHA1d41577201a528e9a2cab01bb7102f1d00fd02c7f
SHA256cadf2a8b547da05b6af20aad12fba66898e44d03f6cc7c2120a79dd440386593
SHA51206b71c6ba2c3778126af3902a3650c4fd9269286ab0ef2b4f2b2a79fa77a5bc8ec95a7722255db83f0d5211ce3fa0d3664769745967540480779f568650472c6
-
Filesize
12KB
MD534894d41570588521f355fdff7d9092e
SHA188e2b955faff82c9d2f41dda38fb593044335267
SHA2568194595dcb0522eac5d642ea9d9b6722a44fba8c20c77ad12444e1a34987278b
SHA5127b4bae36aa866f0c5c771d2d1e601cea47b68dafe8ec81ac3f3aa429d34f585c52f6da5359b0fc1f524409fc80d48582564045aae6bfde55e67610d390d6b40b
-
Filesize
14KB
MD5e60c75f9e1cf400686c048f1ee2760a3
SHA128aa0fa146400ef63ea0c79269fa7f647bf3c96a
SHA256ea679a6c8679f2c2e694c387d9fec97b875b5d28972d8d0c7c643dcfb270478f
SHA512fd421bbbe05400c430a55619b335efb487dc59ed4506f5f154146808817e40c94167562363e34f75df1585fb14eccaf2b6c1a17cbb9551569ca3a9a305756f60