Analysis
-
max time kernel
151s -
max time network
277s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
05-09-2024 08:57
General
-
Target
https://www.ipqualityscore.com/reverse-phone-number-lookup/lookup/PL/48459069734
Malware Config
Signatures
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ipqualityscore.com/reverse-phone-number-lookup/lookup/PL/484590697341⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdda803cb8,0x7ffdda803cc8,0x7ffdda803cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4908 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4672 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16135811303447650778,12208718745119590196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59af507866fb23dace6259791c377531f
SHA15a5914fc48341ac112bfcd71b946fc0b2619f933
SHA2565fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f
SHA512c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7
-
Filesize
152B
MD5b0177afa818e013394b36a04cb111278
SHA1dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5
SHA256ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d
SHA512d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db
-
Filesize
17KB
MD542760e3c36ff727e729043b9aad0050a
SHA18b5ade618092d06b6f7a8421af25e75a352ec187
SHA256b72b8a4bf051e3c960e050d77393b8d58531e66fca08185def100799a9a18493
SHA51264d338f8d053c386d98d63267c67f13f4dbf3a5df9ed52f61a5d972fdbca10f8571590c4fe31b25136bc4312b3aee433a44d1914ebb3e7cee70b07fd451c8d9c
-
Filesize
17KB
MD591b004f7172f2523c7338420c4b2adc7
SHA116a3df8311998c6eda42f58ec44d07dfacf3d5a5
SHA256f8fd20cff721de8f56e393ed7bf1f3d14be904a1d8e3afa4a9b8a447a6648811
SHA512d6beec5383e778c5f62f489dca4bd133b26474716bfd4271fa3ce00ee1d6e115d5dd19e468c7826e63fbfe1a74008c7ee6a63ef76c04586491c2a444793ecc71
-
Filesize
2KB
MD5add993aa7d04d8c02816908e7997a18a
SHA1048c972d1a8bd6a2b931ccf78f3e388c1fcd8487
SHA2560f36f1d73f16c619ac24927ac477ca2a3be265ba4b9c55b7901045a4ce8746d3
SHA5126f41773203df396da67eef9c6552ff6d224aaca9a9886a5742f944097bf23ea01b3d2313c83c0bef6e66f60e4b20dd1fd54c72d2b740f8852c3faf7de2373306
-
Filesize
6KB
MD5c96a292471d4743ff7e69b0f4aa2b9ad
SHA1734e27ee5e6ce215d38a749357dcfe510e0bc5ed
SHA256ac13bec9429a3feda07e8f4690c3a3268b4f59920b12164f1da48cdc3de8632d
SHA512dfe3766f18ad5e7da418343e21175dc848231965768b0095328fc15eb46215866a754c929ad68a5c20ddf0a6d4b4e386ce9b70b32890b291951d930e67f22c57
-
Filesize
4KB
MD5faaeb2bb7664f70cca8618b93382ce48
SHA15d418d088549558477037c3cc2dfb25a361ed1e9
SHA256e503f44825735766b11d8c5dd62673940b2bff507c9910d55fd809b592c54fa1
SHA51256aa435eeae741eb73d0eb8d933132158397b98c24b41c7269834cf2292a558fc9bf67e5e2c223a62afa5b177c9f805128db3e4f01e5ec6f35045f8a0c514932
-
Filesize
5KB
MD5a2fe609b759c4c61a64f0e28729bf759
SHA18fe8cb676f6c69337735a86909cb1520e02b1ea6
SHA25657a040f790722138b46e92c57d5a2cbe7407d3c1f41e5e67973b057acc02fca5
SHA5128d490163b438ccae8304b387126940ad52279c03636747e98988330bf97151c49a753c7c87bf8bb3b7daebee498c5a5fe1a88a71bb3b43e1856ac0a539918331
-
Filesize
7KB
MD52b138bd00d003ee321fd87ede0f332f7
SHA103fb34938bf473593f4d43f8704f467cdb4d2c83
SHA2567e5ea00fa1af345728fca67d14640509f7528fa0ab480b6a4aa6d8d646889870
SHA512fc7a8bfbd8d806f47343663186a6f0a5dd849afd856b19d80fb321b76dfff28451a74e5367158bd7c73c43db8228d6ba0e230fcf009a27e8fb88cdc21b89ee9d
-
Filesize
7KB
MD58374306e3eb896931fefc60a4264478f
SHA18c47bda50e8e50f46d0bd9d44e8a57fc6c275a18
SHA256f2050fa351683e144d6cd120365f5efc2553d564741cdbd803e9047a55f93417
SHA512bf1bccadbf522678bdc849faef9ea9cc41ced071c7208f9861c5e0dd4f979fd3103635475b51048b1d20b1cf15cc1d40be5e399d6db74072ab7d68b6827e1222
-
Filesize
8KB
MD50151a2f03ba4a28c880a8aaec9aea689
SHA109adbb31379e81d792a81cd8bc6acd476d94631f
SHA256db9a72520f8725bbbfd500463a9051cf3c24f5d3056c440deb2a1de49adca6a7
SHA5127a6f02732cd7ce22cd5167edf3bb7bc59617a6abccf5443627952cb2bef191955dccbe990ae3f503d25e120118372be82ee90954b0c285e8b76d7384539a947a
-
Filesize
6KB
MD5d2372b5ae61f1771e5a8503f3d512568
SHA1edb6ec6fc6d8153e67001f8f0dae5c0b286a5167
SHA25662e827abb83d65561b44797d6c7154d7a23f622f2a12c7ef7cee2e85ae21bb1e
SHA512c2b9b050bcca5e87461ee701a340f566b26c55f2ad788882e86e00f6f0e1e3ad2a2fbcf29e9d456bc073663c5619fdd2c756e0b401cd3facbb8fcc625540bc63
-
Filesize
8KB
MD51cfef67d4129b264b9b1a01987fed615
SHA19dc820db683a79f2fab46a14e262ca32a556b49a
SHA2569d09d89f77eb07d0e704dd239f395d7a5922904c41ae9cee852e0f6a645d0ae6
SHA512f3828458676410a36f44a4937f8ab63b417fb585eeed3a5e988b8cf4a25e50dba4c0678d34e838fd4d9bd6aa81f8c11ef4e6c895e3a3ceeda2a7da4ba0333bb5
-
Filesize
3KB
MD59fbd38ae2abd43a4139b52d9e37bb628
SHA1215b4869a3db12fd5b8770ce26dae0a8f39f61eb
SHA256821add1ab92314b1678e0535b286ccdcfd8443bb42cf5a2f5aa1a93f52f0b485
SHA51254a42446797834fb2533226b58474da005c0a5e2f2ef410c338a0d92b9b4a90e06cac238c0e7f3a66ec26bf9720a0f2ffa8ef9834248c39ac88ed7dd280043cc
-
Filesize
3KB
MD5deb4501edcc0d7542ed07b209a27d26e
SHA1c62bf3c5863cf516cb90bcb05d3f842c553ee482
SHA2566a8d9e528611cb6cb2b31a4f11e9d3cecf6b527261a75d1245db510d23f71886
SHA512ff8a7ffeac17c8d6cb20e08cd23251e16b28ae51a97b4aa9ae72e40eb2614f5abae5ff433f9726d07ed1c857d24ebd17a4d4df72ebf63f8cbe985f2a476732b5
-
Filesize
872B
MD583dc20567fd859878e2e62c3dd6abfec
SHA120eda6f20b6137445d7ce4919a21f14e10cd63e0
SHA2569b82dd54b00cbeb11d3dd041d8eba65d91742acd959c403c6041d08df1568d9c
SHA512ace6224453620727c33c31ccbc46fa5496d8969ca9c56cde3caa81ac96f0d309b4fab51ec05aa47cf79b8284f0fa07b0fb85fd8023e2be9fd32ba8da4e769ffe
-
Filesize
370B
MD51e171ac46c793d01b6a021fc533f0f7f
SHA1e8772b144a0146e8e595a914ebb190fa509a4cf8
SHA256584e4f2114256ce5a540aa24bafc4556c16e674b2de6e9bfb5d9cb1237c8de93
SHA51218aa125c222d8f9a608e3dd2b34b67bafb177fde500fa3abbfc90a2f76cef3fded5d79bc8311cbf5d7dfd660cb14e0181540666cd32ae6a3cd81a181e6e6e63f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5c36e1e6d1661237ee735cfe52eb46aa8
SHA17ec793c39aeb0f848e773768cbf4ea4a474a4764
SHA256002e92631bf32d6b2703ac3140abd1f2ebb49d3e0ce47acdbf82bf6c8e8a2bab
SHA5124503c3e5578c7bd6b73fdd191c54ff306428db6880a4d7b63df2ad1303a6170f580aa5374390747b55b9b965f1caf7c9911d743f18eda9b012bbe0b99568a7ad
-
Filesize
11KB
MD529d2aefe751da119374dbc15a7d98bb9
SHA12b42ec158f8cd86ebdfdaa02228e37b7131d3441
SHA2560303aedfd1b96076a9d4167fb8620c653a98e657aca1e3736658a66d00ae8054
SHA512a36e7548c8b2b128456e567fdc12d65a3d17a37286fb09f17e31094743a68265d6cca0bdb4054e05f2558190dbc1f7ada04613a0c8d6d16f5e405fff12c28be8
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84