Analysis
-
max time kernel
79s -
max time network
76s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
29/08/2024, 14:59
General
-
Target
https://dataroom.ansarada.com/share/9eaed1f6-37b4-4c5e-a7d6-bc924931d768
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dataroom.ansarada.com/share/9eaed1f6-37b4-4c5e-a7d6-bc924931d7681⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e84246f8,0x7ff8e8424708,0x7ff8e84247182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,1589806204120042131,1379268759411425007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,1589806204120042131,1379268759411425007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,1589806204120042131,1379268759411425007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1589806204120042131,1379268759411425007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1589806204120042131,1379268759411425007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,1589806204120042131,1379268759411425007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,1589806204120042131,1379268759411425007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1589806204120042131,1379268759411425007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1589806204120042131,1379268759411425007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1589806204120042131,1379268759411425007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1589806204120042131,1379268759411425007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1589806204120042131,1379268759411425007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5eeaa8087eba2f63f31e599f6a7b46ef4
SHA1f639519deee0766a39cfe258d2ac48e3a9d5ac03
SHA25650fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
SHA512eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c
-
Filesize
152B
MD5b9569e123772ae290f9bac07e0d31748
SHA15806ed9b301d4178a959b26d7b7ccf2c0abc6741
SHA25620ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
SHA512cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795
-
Filesize
720B
MD5826f4fe7940c9b11152cffab2a1f799f
SHA1c9e09082f7d0bac4dcf29222d44e9335df1994e4
SHA256d82e3a92c4865ea641c1b35cb98fab6e4fbb60bc4d6708e6d9520afe98e42e88
SHA51282270d167188ec0406898562d0e83965a5b318cb5b88a20be1b956b7791a378eb3e6d1db849400eda77bfd1907624e11fc9640a52ad540a2d98bcce39c4d6272
-
Filesize
1KB
MD54295f7f4a8e6151854272abfcf89f2d6
SHA10c9cc346bfe9e488fbbd4c7a5a407422ae8be0d7
SHA2567845203c80b2593f1faa86b12d4be72e4bfb25a5142910a375375dadb1548952
SHA512800ebfe13c4a1a5d0553fdf10193abea060b53767b71af45e95efc3c978b40eb30dd246bcc093dc5e23e7ad98685062f4105e3a6574c2a71b14fa03532a8f296
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD572d0fb1193e61795b36d523e70a2a90a
SHA11343093c2fc89aecc64b2796fdd895589d50aab3
SHA25635560c3504056c3ebfb8c66e80d565b74555abf042749bc1521e8d158e065645
SHA51234ffeb9a3db5244886ee7bcadb6e7cbfab0e0216cdca7d00dddaecfd2042813d4af12dbf46aaf6dc1d5543be95e24f8a72347ce417bdca740a8e2b400adb4e50
-
Filesize
6KB
MD5b9bc491f9b70f6bdc3b19928af352f36
SHA1ae39c7ebe010cafa3e0e792cb73828c58eb97dbd
SHA2560a4ee2cefbe372a9687b5c30c5ae2ac820dd91d6cb84b98cac27d7501358de74
SHA51222db21de837cf9b534711d78af70c22d7a610150a7ec931aa01c3e3be37dbb160416e7be82747fefb72b2626cffdc375d400501611da4dcef787d4490b97685d
-
Filesize
6KB
MD5c4b0678f8d8b5449737001d129dded9c
SHA1a7a6d2c854c22a340964c1d535f6fb1257d316d6
SHA256b0bcc204c8ffdc31c4494e77ce7cdc04f7455e859b00c8d51c7a54da7b198a66
SHA5125e14ec61acae5277f5acda6eff645b3aa662c0fbcad7ce212455047a9fcc872f8e5848102864dba9eda79fefd624fb30f40bed3c8f579191801c29e91563df93
-
Filesize
1KB
MD551409d00f0ed44a8998bcf05675021bd
SHA17555c0d2e206636746a961a5fc7113b2d064cc18
SHA25658770f266443220126da57f826f88fd244ea8372c28cf316ffcfb0a323138233
SHA5124060b9b8ea170e95da88323ebf55be9d49b2e37fe6f982bbb855483bda45415c5169940ef29d6250943580b6c53e8b10bddb5dd3c25102eceea701348ec3a7d2
-
Filesize
1KB
MD5d184e026a1a184f517569e63b12a32f1
SHA1ebbf41a779d55aa325489e7a006accce53e638ee
SHA256a6fe8ba0e90de64fd102258dcc10eefb957538cc60c9a6e577b64e8ed3913dd1
SHA5123dc98314bc519a6013639d96b5ac8e5b5ddb74eaae0272b14790f357df2f0806143078babe00f657f9f9285d4fa9bef12476de5d0b32da915eb1dd9af37aa1e6
-
Filesize
1KB
MD5257cbdafbd5470f030519b0fb9c814a4
SHA10c01960d67efcf183323a58a97b9e9ce497584ba
SHA256eac485cf6c5e03afa01110745c2754d66bf929917f55690b2e6d2e3f051f1aab
SHA512e6c2d03a06e49047d8f9f7f04bf108e76d8eb71f71558f4f31aadaae7f52390ad74652e7e3ebdf31f01c114e5914fd5eab291b1ac2a9958cc3d91d89f32e34b6
-
Filesize
872B
MD5f6aad6e2117154b1ab48c2284fde3d6b
SHA1adc1813eea1b9e0ef344fb5efc5d5e92b478e834
SHA256d40fae9907a370fb412fcbc3ee8a76ade4a36f74558b57d5331c4d07d10e69d5
SHA512cdf9d0e598512b5c5ea4ac3044220ce9e79bb6a4a2b547fa56fd7a7c9016b2854871eba97ec2ad7e644c9d92a4eada6251083d608d7a47b991cef3b10687a808
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD58cd915a7dcbdb6d559d23c0da94328ee
SHA1e45a82fb22ed0524d275d50afd2c7cd006ca95c1
SHA2560c268edd507ee154fa917af0c5cd67aea28403ca83d3d0d94381fe9718033813
SHA5125e31ea1f2821241087dcaa345f7451584652d1c6c210705d0f4e81ee39335403cadbfc014ca89af0b1d1f0734114b0134804f799c89aa25f5f163d5244d6844b