Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
27-08-2024 07:59
General
-
Target
https://drive.google.com/file/d/16_0gjGT_jsGt9-oCAboxi6y4LBKVyJe5/view?usp=sharing
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/16_0gjGT_jsGt9-oCAboxi6y4LBKVyJe5/view?usp=sharing1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffd171146f8,0x7ffd17114708,0x7ffd171147182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11591114782245079682,16545013046927778219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5400 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f9664c896e19205022c094d725f820b6
SHA1f8f1baf648df755ba64b412d512446baf88c0184
SHA2567121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
SHA5123fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
-
Filesize
152B
MD5847d47008dbea51cb1732d54861ba9c9
SHA1f2099242027dccb88d6f05760b57f7c89d926c0d
SHA25610292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
SHA512bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
-
Filesize
6KB
MD5c8c8b13d2520d5358c78c562cde8ddcd
SHA10e1f0c19220e0f8999f34d566e288b5de6837ecf
SHA2562221e7345e4f78ce1a626b0a5c8c5dab17b9ab4e6348e2f41a72953abadf618a
SHA512779b0de4b53ef69832bf0f122493de708b781c7262761ee69ec9dc04d2d642c49361c253739d93bc1183a6412db49c2b1245885089501da5ec9faa2b85efbe38
-
Filesize
768B
MD517b1b251d97cc2ffd7135a08aa948581
SHA17bfc516cd41584784b9c357659bc8be85d3b3639
SHA25672143368d454e557c2bc1f2e4b0b68b427bd685803b4e3b4af2cf38d2d257ff0
SHA512f2568cd12231adcbaea376716f6d65de74a53bbba291122459515a6c88bd9da12a3d3d915d4b778547f09b2c2d94f677cbdd4a5ca052404ec35b979f9d6a7859
-
Filesize
1KB
MD5f3d203c035e0a826f56d112063cbef79
SHA1380220c5f297499ad1ecafbf7c6d2ad76c1c4a4c
SHA2569d4d461622ce511263cbbdee8b2e45f651f9394163dcffde2e112636a0830b37
SHA512c011c57055feebfee77ce3711adb54cffa62700be3b4de918850a60970ba9ee5da915aef1ebdfb8c559aa943b5e0084009d94b3731de4caeaa21caa1b85175a2
-
Filesize
5KB
MD5a9a537fdc3d036459b3e1102ebc23bdf
SHA112e0dcbdb8f1eeeafcb5c87c5ea9cddfb50f366b
SHA256283abd3311b758b5843db445283bc795ed1ba5f7ef07b10633ab64ce71509d5f
SHA5121100e2c5f05d8055812481e810b29a6998f66059d8d7f766f3d65e7e6b81beef68f39315542f3f50635c9bc9006be92c898f6fe86a50260e4ed3673b16f4f0e1
-
Filesize
6KB
MD5c6a392bcfbe2c9cca59fe813c53fd37f
SHA11099e48cec0a0f1f621ff583c2dd6ea302d4d062
SHA25629103afa97ed9b07d444df617d81611d232fb3a438ad4e111ec853b5addca953
SHA512c4b88c5dc26bb9e03d777733372654624ff7fd0ccf5fc19022ce42ed7ea6d31d7e6d91cb8e71bcccefdfd9e9933f99fe8994d028f637a32bd6b8d76c9bffe833
-
Filesize
203B
MD59d88d785ddf98799b729abe310e32f0d
SHA1983d74f333d4864b5611c62651bceb0ce3f7ea6b
SHA256d1b5761ba289d5e845041955a17850e90af1177488f8835be4fa2a0d73de15fa
SHA5128d2818d54fb6c17cad3c836783a1e13170544ae452056b7de488a66baa71d2c2603a36ed0b631b4dbab789f5a36e0748ec7e61b384e01c9bf15436d5473afb17
-
Filesize
203B
MD57d14e75a75aead87b795cbdf8e81cb2f
SHA17948e642417bef63c62ec91b5d8a9a6d53c2b7d5
SHA2568d3510115b47503cd144e3bd90c757ed03c92c3a9d481e92cdcf76509f8c9f3c
SHA5127be4de1aa1c7cb2c78a3f3702ec505cf2a681e29bf3e292d710cc3390d895eba6441016de3af8c5712f66f21fe7c65eb64e44ad09bca5db8de29e2808f77e149
-
Filesize
203B
MD5318564fd1cc56d8413bc2eee1f782d54
SHA18bb76293d71062407b259ad0e9d51362134401f2
SHA256ccd230929ceb0fa8125458caed0d136e915056c96b637baf3dfaa3e93675d2a7
SHA512c2393ec6d444a4095abcf63018dd43f3281300819158aa473ac44fcc8441ad761c98db85b100eff1b8432702693091d2ebbe98eeca8b3f46dd5ef5810758d84f
-
Filesize
203B
MD5ea934740fea9648414a0f15fa4f1b791
SHA1bc726c9d984d9623864e617de4d4ffbfb816c881
SHA25647d6f5cca69b81415c62cd8407cd2b5e6d5f96327c38a1e963add50fc3b6b69b
SHA512026f1c9bf9fa0ad08916e76fff36aea1213fe99093d4152ea13350cff90fb38526193a29dda39436b3ea70975d1997c3d37ddcacdd4790a651435dc0563440cc
-
Filesize
203B
MD5a13fa8587fac78494e7e16b303446815
SHA1a9415c32fd233062e251122943eafc579a39ea17
SHA2564eb63a5d6344b666a0b74824c6f8cc5f021da83aab8a4d7656fe393c22be8739
SHA512d8d1e97b890536aef0a43ab30d3d00eeab0208b31714eccef97c468b1e90833cfaabd259fcec6fefec21aa1a89ffa1c29fecd0f93d988a95100aa60f14511e5e
-
Filesize
203B
MD51574efb672902f3ea3b14049dc4ab6cb
SHA1463ea7774f3c099afb6dde18bd07fae2fb2d62c1
SHA25622ba2848c780355a49c056d88f8f39e8cc366cd55d7b09bc0d1b8ce8bd577fa8
SHA5123afe208726f5e42eef10a2bac5bd2143296246fa750c502d638790723d42cdc692033f5ef2b047a947a4c491aa50668d2cd2d4c2f6971bfd093698421305c047
-
Filesize
203B
MD5d18510bb597d8656d9e018503dbce4f8
SHA1181075116608c48f371721c52956707f6f8040d3
SHA256bc950325d73df2aff572821d9dbe3f8dbfd25e508081fa6f139262817a0897b5
SHA5124d42e241df12e3916a38060d8397b2d7f5636a602634c637224f67936e6512971a55d39ca9165777e00bfc63a4cbd2e8daf80d5f9defd65c1a1e856199b26166
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD598af3fd687d5fc11b131127f11006a42
SHA10b111573d1de3d60398df8da0a5309774ef7badc
SHA256572bc9b96ab2d050faeb1347d169534311d39b8d37b1d38b9c45e2380bf9c3a0
SHA5121a7054c595abc9e3b327ffeb3ee294672b7fe8369718b5ebcf61c994301d96788f387a4de7b2a90d90bbf26fe6fe756bb72d5595cc78b6150fd9005fbb569d71