Overview

overview

3

Static

static

1

URLScan

urlscan

1

https://t.co/gHdmLP7...

windows11-21h2-x64

3

Resubmissions

14/09/2024, 13:36

240914-qwdgtsxamc 7

14/09/2024, 13:34

240914-qvf7bsweqk 3

14/09/2024, 13:25

240914-qn4daawflf 3

14/09/2024, 12:47

240914-p1gvdavcrg 9

14/09/2024, 12:47

240914-p1cknathnp 3

14/09/2024, 12:24

240914-plhs5atbnr 7

14/09/2024, 12:23

240914-pkklbstfpe 3

Analysis

  • max time kernel
    70s
  • max time network
    76s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14/09/2024, 13:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://t.co/gHdmLP7nlZ

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.co/gHdmLP7nlZ
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ff8d6443cb8,0x7ff8d6443cc8,0x7ff8d6443cd8
      2⤵
        PID:1028
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,12460364472001713761,3169638550096050578,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
        2⤵
          PID:2688
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,12460364472001713761,3169638550096050578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3972
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,12460364472001713761,3169638550096050578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
          2⤵
            PID:476
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12460364472001713761,3169638550096050578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
            2⤵
              PID:2440
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12460364472001713761,3169638550096050578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
              2⤵
                PID:3628
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12460364472001713761,3169638550096050578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
                2⤵
                  PID:1732
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,12460364472001713761,3169638550096050578,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3548 /prefetch:8
                  2⤵
                    PID:708
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,12460364472001713761,3169638550096050578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4488
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,12460364472001713761,3169638550096050578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1872
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12460364472001713761,3169638550096050578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
                    2⤵
                      PID:1100
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12460364472001713761,3169638550096050578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
                      2⤵
                        PID:4196
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12460364472001713761,3169638550096050578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
                        2⤵
                          PID:3556
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12460364472001713761,3169638550096050578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
                          2⤵
                            PID:1624
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4480
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3712
                            • C:\Windows\system32\AUDIODG.EXE
                              C:\Windows\system32\AUDIODG.EXE 0x00000000000004F0 0x00000000000004E4
                              1⤵
                              • Suspicious use of AdjustPrivilegeToken
                              PID:4316

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              d30a5618854b9da7bcfc03aeb0a594c4

                              SHA1

                              7f37105d7e5b1ecb270726915956c2271116eab7

                              SHA256

                              3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

                              SHA512

                              efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              03a56f81ee69dd9727832df26709a1c9

                              SHA1

                              ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

                              SHA256

                              65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

                              SHA512

                              e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              72B

                              MD5

                              d691c77ae814a0560b1508f663f8746f

                              SHA1

                              210ca4b5793d6f8b155421ed0c84a0e4986bb506

                              SHA256

                              aba20d8d12bbf762933b30f18e9ac4f69c6b2f5fe0edb975f98772a7cd4f4b00

                              SHA512

                              584b1c0d4ddc4142154010c385599c0478e9682118b901717aee9e5e4e882c1bcfe5e031d1cd6e0d43f66e7e05664ec4e4fec903f24d12dd9c6fd02d1ef6aba6

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
                              Filesize

                              16B

                              MD5

                              46295cac801e5d4857d09837238a6394

                              SHA1

                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                              SHA256

                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                              SHA512

                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              250B

                              MD5

                              30eefc048cd9b4f8be94ba2493efb987

                              SHA1

                              b27e6e28ddfa9a0753df25957c055f0350dfebf2

                              SHA256

                              df03080494e0e73689e6916c0e12e8c89ce8ace025b59c3d700e8e80a13f66ae

                              SHA512

                              5f34a600c0edb20c2f049532c700169ca796efcb84ff3fe50ae32df6adfd31b04e7501e25f95248465f1bd867504819b8186c0f95d21d4fe33490d2eda74f7ef

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              98a2c9c3f98d0e99ffccc6d7fa3f803a

                              SHA1

                              4a2b0f3ecc0cdfe7066ef0442de65b403a89d118

                              SHA256

                              da496476bdf279cd28cef0bec29e1bc9fe8a5e8d73ec54929985c8f051cf2009

                              SHA512

                              64c3bb683843b4e18a0348d5bee317a1eb3194bc15118a158a637dd5825edc9f255fc9f8124232aaa8ea144f6da1409e8b893b867d19172d94b716f98105de77

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              e23dd9feb622eb03e14ddd5ac28bad54

                              SHA1

                              c0654b6acf59ec59ca60aa1b4fc200a605a2d494

                              SHA256

                              3691782dbbb6fb9ad3b3025d0fefa1ba1c0ba8ed6b0b5ade0617ac5a68cc7922

                              SHA512

                              25ef97c9930eddbbc410c5272c3c2761715c78676e8eefd33cd199460b2a1f5ba90d4c78360f5ce8e537e793ecb678bc2c0208139b9151583d651af34da3a7da

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
                              Filesize

                              41B

                              MD5

                              5af87dfd673ba2115e2fcf5cfdb727ab

                              SHA1

                              d5b5bbf396dc291274584ef71f444f420b6056f1

                              SHA256

                              f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                              SHA512

                              de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                              Filesize

                              72B

                              MD5

                              ea54055feb5fa1e3ab8a3c32438348f5

                              SHA1

                              83210042333e2432204ff6785a592a18e5ad9249

                              SHA256

                              31299c1100625489b6674b926a6eb3d1d5d1dc94b1eb4b16f2c98dbe165001d1

                              SHA512

                              f017273ba3a2673b8259ca2ea390047bb2aa66ed8eaae93d8ba6cbfda38c4f6c14492352289d087fd7aa0d0297ef6d180f11e226e411e726c67a13027d4c6905

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e00f.TMP
                              Filesize

                              48B

                              MD5

                              11fd5161aea55fb254043494372691c1

                              SHA1

                              6f6fdb861458809f7a3b12c590131111897eb056

                              SHA256

                              c8ad6348afd5b2bda8a5bc491d62a6018c86141110e6f012f9f4a1a1fe4b1860

                              SHA512

                              fd3cc0c02d122dd65ef266e5014163ae61516c6ff0d8c7b8b3df7bd12a6e5e113002f4511dac08598e07bccc6f8a609f48f51ea53b313aa8cc97330d7bc426cb

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              206702161f94c5cd39fadd03f4014d98

                              SHA1

                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                              SHA256

                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                              SHA512

                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              10KB

                              MD5

                              da4da1532672e3d4f579b91f85a97a32

                              SHA1

                              b4c34415b15ca7ad47af7e72f3265c869507578a

                              SHA256

                              b8e92d6c62e1953dbebf8e04eb870f7993f0d756abff0bddc58e66df4ff67a25

                              SHA512

                              5ca83c88eb42ff5db322ec0e8de8313d115ab0f89442d7a485980ad7a8da400f68c11d67108d23ddaa0602f71447f76615a9c7b13ce39733a98ad5a00f99ad49

                              Download Submit