Overview

overview

3

Static

static

1

URLScan

urlscan

1

https://tesla-promo....

windows10-2004-x64

Analysis

  • max time kernel
    34s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/08/2024, 14:30

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://tesla-promo.io/

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tesla-promo.io/
    1⤵
      PID:1644
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3324,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=4316 /prefetch:1
      1⤵
        PID:2316
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=2208,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:1
        1⤵
          PID:3140
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5396,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:8
          1⤵
            PID:4032
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5264,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
            1⤵
              PID:2652
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6060,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:8
              1⤵
                PID:1552
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                1⤵
                • Enumerates system info in registry
                • Modifies data under HKEY_USERS
                • Modifies registry class
                • Suspicious use of WriteProcessMemory
                PID:3744
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ff830aad198,0x7ff830aad1a4,0x7ff830aad1b0
                  2⤵
                    PID:4232
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2396,i,3643642559806148681,10550180414838565291,262144 --variations-seed-version --mojo-platform-channel-handle=2392 /prefetch:2
                    2⤵
                      PID:4712
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1844,i,3643642559806148681,10550180414838565291,262144 --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:3
                      2⤵
                        PID:4548
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=1940,i,3643642559806148681,10550180414838565291,262144 --variations-seed-version --mojo-platform-channel-handle=2860 /prefetch:8
                        2⤵
                          PID:4804
                        • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4472,i,3643642559806148681,10550180414838565291,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:8
                          2⤵
                            PID:2032
                          • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4472,i,3643642559806148681,10550180414838565291,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:8
                            2⤵
                              PID:3620
                          • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
                            1⤵
                              PID:1816
                            • C:\Windows\system32\LogonUI.exe
                              "LogonUI.exe" /flags:0x4 /state0:0xa392d055 /state1:0x41c64e6d
                              1⤵
                              • Modifies data under HKEY_USERS
                              • Suspicious use of SetWindowsHookEx
                              PID:3000

                            Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                    Filesize

                                    2B

                                    MD5

                                    99914b932bd37a50b983c5e7c90ae93b

                                    SHA1

                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                    SHA256

                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                    SHA512

                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                    Filesize

                                    2KB

                                    MD5

                                    b77bedd08674353fc7ba0f0f87cee0bb

                                    SHA1

                                    49dd8d5b6ba9fffc796444ee103a4ef7389fbfa1

                                    SHA256

                                    c9504d955609824b4e8a6415954ae78678f94e98ac90d1aa97efde51e4f9ba8f

                                    SHA512

                                    13829ac5102770a2491b80ee68c2c400e7ac701d25c3bc78a90207da6fa7fc116a098537bb266274c540bb1af8b6d5e48f9ec305a90d10790e3d20016cfb2d4c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                    Filesize

                                    2B

                                    MD5

                                    d751713988987e9331980363e24189ce

                                    SHA1

                                    97d170e1550eee4afc0af065b78cda302a97674c

                                    SHA256

                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                    SHA512

                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    44277385189ea21113e6883fc1d9b537

                                    SHA1

                                    d8a3b0c65cf49d640281cc09b0fba16f24a0df75

                                    SHA256

                                    aaa40676a757f21da62d05d37bbce00ddeaf5b12597e443fcd07ba8421bb1708

                                    SHA512

                                    72178aad482c06262bc420adde660f830d6102ffbdd126e60bc7013fb6905207bd63d0344b3573bf4abb23ecb9997694eb704bd108b187f2d4e976d26ea12d19

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                    Filesize

                                    30KB

                                    MD5

                                    495516aabee4199a2a5702d653901d5d

                                    SHA1

                                    3f18063afa54b8f32cb56637287504f431cdeec7

                                    SHA256

                                    79dc2643a5b2b9748dec8515dc62f889e2d1262fe94a4a5f073b01b490ab55de

                                    SHA512

                                    159d2bd1ecffbca1e7cdfbd0b574a1fdaaad5f330f7d156e105238cc3df6d59845a6af33f6d6980c24e567542343f5aedb0f10ade66078147a82160a13cbc6d4

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    52KB

                                    MD5

                                    087c12da832e02d34f84aa8093f7b19c

                                    SHA1

                                    eaee33ad310f666cb0b44f8401f030e9dab2d15e

                                    SHA256

                                    39688de68de15fc68f681e27a4d24c66f5e047d475845f893696656820914331

                                    SHA512

                                    15e0a75ba279b73b977749bc164b0c4878ebda77c7489a23b83561b3188f1e7266715a6235dd88910464e6f783a5e8bac1c0a2ac4a9f2a07b70666730d9278b5

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    52KB

                                    MD5

                                    514a2af7134efdb366d57c8298f2ec4a

                                    SHA1

                                    23efd6ee229570758f798cc3bf4a35b2d4994ad0

                                    SHA256

                                    97dad0c3881447669eb36b96ef115255d86532e5dd8ae914b20a417eb384c2fa

                                    SHA512

                                    13dd9646113b6b8838a6b160e9584667ae7ef05c274cae189ad7f9fa557068c9d418e7a25de2e5743ef11458ec225146b3c8f99946d9256527dfdf92a7809eb6

                                    Download Submit