hxxps://interpark-ticket[.]cc

Resubmissions

12-09-2024 02:23

240912-cvlvxswepm 1

10-09-2024 01:09

240910-bh1b4szbmr 3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-09-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://interpark-ticket.cc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
712	msedge.exe
712	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe
2752	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
712	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 712 wrote to memory of 2096	712	msedge.exe	83
PID 712 wrote to memory of 2096	712	msedge.exe	83
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 1520	712	msedge.exe	84
PID 712 wrote to memory of 3132	712	msedge.exe	85
PID 712 wrote to memory of 3132	712	msedge.exe	85
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86
PID 712 wrote to memory of 1948	712	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://interpark-ticket.cc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6a6246f8,0x7ffc6a624708,0x7ffc6a624718
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16232470742464980777,18140955348588074812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,16232470742464980777,18140955348588074812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,16232470742464980777,18140955348588074812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16232470742464980777,18140955348588074812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16232470742464980777,18140955348588074812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16232470742464980777,18140955348588074812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16232470742464980777,18140955348588074812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
715c79e5f50f4530260c4456cd414d72

SHA1
b8f156341cdef9b668d4a820b06fbb1e4eb48584

SHA256
d1918937db9a519cacc80b9ee812eaeebffee72782dcf7a189022909046164f2

SHA512
8fee1f9df28e7ec04a63bc85f5e7988fc1de0c94b905c58277ef00bfaf645e3f7359d9405bd726e420cebe898b687335e6d36e17a5c740aa774e9e3d249dfef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
47KB

MD5
213af7ac1aa72e2c0c316743695b7cd0

SHA1
c93bf2de82958073a23b3a495356118ef718cecf

SHA256
f5680671f5dc330f962eb3de4164654e2c17284ac3a109f687ddabf104e25ce4

SHA512
d0e11f42a046682805d18a0a133df1c8c4272b94117de503dd4992c34f93e516b7decbf77496f45768aeb1a95f1493f74f5ff732e9b42efa6bff1b47e9b0c1b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
97KB

MD5
a5943aa35de66dd30b0c48c25ca6d839

SHA1
bbad68a74ae67e1059b1179405b84a84c1972d53

SHA256
52052a78f69c6f800f32e32e8065e1508b0355d2eea9f13efd75dc38ed25986f

SHA512
cbcb60586eee6dee0fd980f79ab329ae28fefb3aee11c438ca1571f92b840a836287e703395b6f70fc47526a58460d613f8139c17d7fbada6a7904e19eb97b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
6297320072a02b2d822d9b2d7f4b0b3f

SHA1
1a5d81de4857f22b2ac562642c533ba20a2bdc6c

SHA256
5f1ea693f2a6e006f86f6f4f19d8fab10ef088e3da6e9f1525823e179293dfea

SHA512
095b88130ef84bab170446edc710294586dd0831f167c3c9dccda36941174e118a8b2029753885abd243e87682a0865e115603f7693863de0b46b658353910b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
7a95ca709ae77a6bd2fdbe15485c640d

SHA1
8aa1e06bc524050747e32a271f895e879502fb9f

SHA256
7f1e5e443f8b9d730c1d1f481c187f0349dc91527057ac34cc141c6879843918

SHA512
c87e6db608a305dfa2ece177ec44845d3e9450f198428fca08fa2c890690dd2a65b84d407f9cb9be43fb25e355b224d280d2e2ba00d7f7e4843f4ca672cae532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
61c5c2699fde89510f3a429e843545f3

SHA1
2b2db9a195a086f4d41e22a71b41a37ce7a8dac4

SHA256
8320d3780434a5138da81b0efb5a08dd6282d96689631177d68aa4869ddc9594

SHA512
b819aa572d251a8879c1f1d14e136d45fe0002a8e1d691d8b351631216329a704de31b9f2eb47d6b2875c96e8aa863145c3757f5f1d5b6d3e75160c34c430c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
82eb4c36568d6b889adb69c40a931de1

SHA1
46b7ee2d15919ab2feec6ae6efef51ddbc9b4f92

SHA256
a3aa5aae1012eb9b96c12b7eda58fae81307efa45d23e105149b89963bdd5946

SHA512
21ba1f54a0176fb8590e30b9460e7516915524a8022a1ddc417c98012bd5dfb55d3ba8926d44a4665aa9e3a1655df1bfb773e4c943bbb7e3616ed87b78cb2240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e73f26a148391a0c3f8fc7fb78048cdf

SHA1
34ca114b0c6b98e0f20511b2909db1aedcaf6c6f

SHA256
86f34c021f33474ec849fb036f333af6e9851e69421b14c41b8a78a1c2e4fee6

SHA512
d3a433c2794dc23b1c3e9b987d8f6c4d44c158a52857ee507644fba5eba41da33eb64314f1bdd4d5bc3b4f50b2372ce15f9954da7e4e34060aee00784b83b7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0fb453ec2d58836f9ba1e91df65ff4b7

SHA1
6a145832d45775e83f1644568c26e15376059c85

SHA256
c01dc58ace010ee911c03e6062d378298c52b431baf7740dca3f83b998976de5

SHA512
7f98602be8b57c05df11197c3b483b75b7f90a2e0038a62e6e5491f06dc5ed07305a036326054d7e44f2857206f91e7e2a3dd5348cda5327ffe00db496902490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80171e8de7d07b9bc9899f5c75425b03

SHA1
8dddcca101227adc74c8648499fbc9dbb151314f

SHA256
6a7f6538b5de354cd06a4a7cd425f64db3a5f61c7313933bdcc4ed5517298e2a

SHA512
683a93825b0ed0fad3a201885cc3ce6f199426dd7e9cd8a9399414b874e17ed8bdddac89536e29fec1bdd4f1983489b0a5424ad259b54d6c100f5a8374f499c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
153662eab5e70c19c70995665fab19c6

SHA1
7128a9a968aa0b42637ebadf062fa364a80b1549

SHA256
c71bc4915db13d8310cf5554b45d80f6d074130de0843727f23f5ce7bbd8d4e8

SHA512
31846c2fc8b0d40319800e01bfd8b028b38cde8c704790c0d1fde65ce1c1687e71942ac5f00b379ca7f6f75fe43f49a696cb27cd23cda464569a295a74b09ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
456a11d5bd5b6db691b7925b5ab9acc2

SHA1
b7ec8bc62bd37dcb8d4b91609adb9159cf73f71b

SHA256
9feb63271d0bff3428c9a64d39f9c14a9e846e6bc0759fae7eb7aa2aee1c7355

SHA512
370f22e7a19bbcc7b65b48dfd3db94c36cd7bcf61dfa65000fffe2e8ac17e8e1135731251b99dfb08390a6a2129e596431a340b62931cb8874cd7a3406b95f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d9b6.TMP

Filesize
204B

MD5
963699479969a4d2fb27d32c73fd7712

SHA1
8d29ff91654f95c126e9850e9bc8be822ad8350c

SHA256
fc3427b9ff9cba2be2e15372bd95b363387b71161a115fcf8b6adee687edf2a7

SHA512
489353befcef4e119022f272ab19629a5d3c7e8fa6d0edc26b7af0702c8f66fb7b31d207dcd32138115e23688e68085e9229c0cd22aaef7bef0bcb25f5985196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
563102624d1f10f2df1730dba4f30f63

SHA1
c5dcce277e9cbde853518cc759df31f764d4b34d

SHA256
4b192e300bc4fef2c61136a54b1b6dfce4be6dccf57be02786f5dcef24ecf6b5

SHA512
c993c73d808bbcaca7dfd2bf5047f411c12e69a5e8eda2be8c6e76e6126cce824d239a71db84b3fad30bc1f6f62c6c891f8c3785ade88e23fd4ae153e6b1a64c

Download Submit