Analysis
-
max time kernel
42s -
max time network
44s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
02/09/2024, 21:56
General
-
Target
https://download2260.mediafire.com/rhakh22kfwtg9IPtsFn5QTq1xTu76C5NojfTHI54mMxjeBRxuf5Sa-vwUduPA2aCmyX7FuCWlZ5xONt4k28KZvNieL7kHGCAJundHZjpOb9xUp6e2ZBozYuLgAGgQ0AvEfCrCa6Prd336PuwnmlP_Oy4NLf_tbW0XQCwy_-95hne0A/h9ua47bcn6z77e1/MeikyuTexturePack.zip
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download2260.mediafire.com/rhakh22kfwtg9IPtsFn5QTq1xTu76C5NojfTHI54mMxjeBRxuf5Sa-vwUduPA2aCmyX7FuCWlZ5xONt4k28KZvNieL7kHGCAJundHZjpOb9xUp6e2ZBozYuLgAGgQ0AvEfCrCa6Prd336PuwnmlP_Oy4NLf_tbW0XQCwy_-95hne0A/h9ua47bcn6z77e1/MeikyuTexturePack.zip1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe57513cb8,0x7ffe57513cc8,0x7ffe57513cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1720,10125831555860957952,1463399111545692186,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1720,10125831555860957952,1463399111545692186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1720,10125831555860957952,1463399111545692186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10125831555860957952,1463399111545692186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10125831555860957952,1463399111545692186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10125831555860957952,1463399111545692186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1720,10125831555860957952,1463399111545692186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1720,10125831555860957952,1463399111545692186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10125831555860957952,1463399111545692186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10125831555860957952,1463399111545692186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10125831555860957952,1463399111545692186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,10125831555860957952,1463399111545692186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1720,10125831555860957952,1463399111545692186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59828ffacf3deee7f4c1300366ec22fab
SHA19aff54b57502b0fc2be1b0b4b3380256fb785602
SHA256a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7
SHA5122e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d
-
Filesize
152B
MD56fdbe80e9fe20761b59e8f32398f4b14
SHA1049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f
SHA256b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942
SHA512cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234
-
Filesize
5KB
MD5d284ae31fac27082b45f8ced9772316e
SHA156d6de536bf82bc72c29b0e014f03e2b7a521c8c
SHA25675ae708ec74d0c806d9e3a22a0f0d3a212718abdff616f425b688abd08a74cf6
SHA512c4f8f2581fe6804e623462dfada93f8f9c6e54daa7bdc7e7f38599c6cb915890969af6ba5c1334e79581d4869474c10684838f1265e8467d2878fb31456f2d74
-
Filesize
5KB
MD5e3cd01602821f1b41b5fb9893e63ac18
SHA1c682187802164b4280ec1fd088564f61c85e91f7
SHA256a11bedb99ba563996b3f8a6edf3b1ea48f1ea609800075a3c1793435d1c19ecc
SHA5126c15d332dac7471071d2ff9d1ed5dab18cedafdaa2a3ef3fdd2b32cfe0565db134399c4da03690af7ac26d121ada6803d8df790588e162d1f56097c4185cd858
-
Filesize
5KB
MD5080a9b176261cb509c088b908d5962bc
SHA15092670bc5de04bd25e7ea133803e97fa40da293
SHA256b79ff4971efd52466133610d478c301663dc780653b69703000e30f851874628
SHA5124d6d521b21bc93d93c420b6d0194e29134a75d704ae6a25beb8609e3f8e3e7b125cbec15f8a1c5ef701330e334f9b8e107245cc87f799bd6798e10d94c15d694
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD546e8d44b73d5186bcc68bd3bc5dc8716
SHA15b9c803f584f1fac07d77ba291b800ab9ff94ca2
SHA256b1336ff888c0a9079c5a86b4284098f2df7e1532c1e491acf5d8195ac7602ceb
SHA5126d7bc25eb73752d76e32bab0d1edfb55927a4b600e53449d4ee19e33d8de0f83814b0f7b98b838a7f6b1afe34dc9112e576a9a7c25284473856f0ca882bfce27
-
Filesize
10KB
MD53a9bcb1c794987bd45e49b7ffadcdbe2
SHA102bf83607982f07bb82fcc94d525e4c34d8d695c
SHA2566f88b87d4af64685b73700f2650d5b246738579030fa6c1b648f1eb4ef91a2a3
SHA51209e049141e666bbd51eeab053ed376f2efa74a1f5e32cab34a006c44072b37e70d8fa626f7dc7fe91a2492810f3ddbb98452c4cf2fcc5bd2d7a013503d084558
-
Filesize
10KB
MD545eac40a1590c6b9e1759f33bcce3f29
SHA1d71cf1e683b91c11f2ff95f81451c1bfbcd76b81
SHA25636687f4facdbe844ec44953158fef207534c47a28a90648c7336841c50255574
SHA5124ca2e4b6243bd553ccc054fac07d0418f774671fc431e7ff7698261a9be4501e3a72270f25e2720fa7b2299b65de1c75cc1cb1363d0382e1c23e57a72f43a529
-
Filesize
264KB
MD50925679a601be7292efc5585c70a2850
SHA15ed3ebe8bd3e80419846d31aaeb5a82525fd2bf1
SHA256cf932207f5a75791d62e936c5b94e695799c4fb0e115192dca485750b7419b17
SHA512a90189afbd83429b66b7f472491f315478bfe4e7bebbece5a54288906e6e6235fe6bb36a7c18adc2e339edf073ebd351a2be1111977159b145b6367e2dc9d0e8
-
Filesize
24.2MB
MD5a445c8d2167e99d7f4abce22de838d53
SHA14630c903547b84de72beff199f6e13084eec0d21
SHA256e3f9c707a884d7108a9564feb77aa4b612197eab9a9af7ea28868dd1039832ae
SHA51293b48f35c8815609095aa6c51463031686e2fe3c2a729b5875b5797e66d45fea9d6d156715622dc7e7405a2987818bb414157f91b5b542389fe940f509a31621
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98