Analysis

  • max time kernel
    145s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-es
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-es, locale:es-es, os:windows10-2004-x64, system, windows
  • submitted
    18-09-2024 19:18

General

  • Target

    https://dweb.link/ipfs/bafkreifph63w7jyrivxvyh7tncs6obqddq6gcljtexqyvlpk6knhwfgcwy/

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dweb.link/ipfs/bafkreifph63w7jyrivxvyh7tncs6obqddq6gcljtexqyvlpk6knhwfgcwy/
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3560
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca65646f8,0x7ffca6564708,0x7ffca6564718
      PID:3808
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14258245972754904400,15017585867728370904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
      PID:4344
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,14258245972754904400,15017585867728370904,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
      • Suspicious behavior: EnumeratesProcesses
      PID:3220
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,14258245972754904400,15017585867728370904,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
      PID:2860
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14258245972754904400,15017585867728370904,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
      PID:1948
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14258245972754904400,15017585867728370904,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
      PID:748
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14258245972754904400,15017585867728370904,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
      PID:4516
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14258245972754904400,15017585867728370904,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
      PID:4944
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,14258245972754904400,15017585867728370904,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
      • Suspicious behavior: EnumeratesProcesses
      PID:4140
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14258245972754904400,15017585867728370904,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
      PID:4224
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14258245972754904400,15017585867728370904,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
      PID:3504
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14258245972754904400,15017585867728370904,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
      PID:4200
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,14258245972754904400,15017585867728370904,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
      PID:540
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,14258245972754904400,15017585867728370904,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2780 /prefetch:2
      • Suspicious behavior: EnumeratesProcesses
      PID:3416
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:3860
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID:4012

Network

MITRE ATT&CK Enterprise v15

Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              d7114a6cd851f9bf56cf771c37d664a2

                              SHA1

                              769c5d04fd83e583f15ab1ef659de8f883ecab8a

                              SHA256

                              d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

                              SHA512

                              33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              719923124ee00fb57378e0ebcbe894f7

                              SHA1

                              cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

                              SHA256

                              aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

                              SHA512

                              a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              216B

                              MD5

                              51974540990f00ea8773cd28e41a0cbd

                              SHA1

                              0e3e6df9404addab5dae4eb5228fd680d0b996f6

                              SHA256

                              e6a2a54c7bb99a5d7aefc0a1b2d319a8bb21aa74d34a00f5c9105e8063665932

                              SHA512

                              56b148f59bee528cfb7a1196ffca735ea68c8bf128e212eb393110c0e4ed625ce4f91f8e23e027810e170b03840b863e862f380ddf948e2b373c29af4f9eb350

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                              Filesize

                              72B

                              MD5

                              7913ccecbb591c53d8a852cf263c17e3

                              SHA1

                              2a560b88b09161a73dc54c68890e6eaaa998b112

                              SHA256

                              b3a0689899b92b9109bc5d05d6e84128017dab44c40327e67ae1d3048f926548

                              SHA512

                              cee8ffbb3e9a84286e04fd331ac55632b63d432c6950f8ccd4b44ddbbe327517a5464fd60cc6a53a3e6290443d66826d3dc6556ba0c5eff643ea0fdb1fc1e5a8

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                              Filesize

                              1KB

                              MD5

                              6b53cd9fcf2c00f40dac059d5ad99b48

                              SHA1

                              7e271d39c6a0391919c0c9b12889989667e3df85

                              SHA256

                              493fbaae36dd08ac8acf0106fcad01112a90d5cfaceff2cff82dfa471df68801

                              SHA512

                              95e66991dc879cdb97dceb93edd7c076e3da6d537b9f8c0e3421c48a7a1d11dc53da199b89af640ea2a5ddac3b1c5b95808e1f0d6ded19ba7fe934edbf70fab0

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                              Filesize

                              1KB

                              MD5

                              50f4beb464efaabc3bd504a4eafdc2a4

                              SHA1

                              9b9ccbd6107c8242ab07eef569169b91e77eaf23

                              SHA256

                              938645fda39892a9b68e2cd1e8ba4cd9cd183e8b16f78ab8d9125d391a4ffcf3

                              SHA512

                              905114f3e723bb8d5de39162e5dde55541b10bee71abc6a97bd21d7aaf829ed9355f4d9307812e64dfb9e185d923f1ae61456218d2430985632ac081c8fe0d59

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              5KB

                              MD5

                              e2f96466fc77565e1ac5df3dd79777c8

                              SHA1

                              92865362553921c6cf725ff770222dbf4ba3f30c

                              SHA256

                              560403b38bbd3a368fdf10601343fa75e0d851c6c9fa7c63f8e420407b23b372

                              SHA512

                              996f3326d075f0ae00216c4013e2e6519079a401cfe1bfc89ba4c39b61041edaf7458f7670538b841d59b954434425fa26c774c25a34a67fb0ad76fbef4e7faf

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              5a158780f446a60d9b89600778c3588f

                              SHA1

                              248a896d173a31108e66fb887cfc29cc3b6886dd

                              SHA256

                              1fec9554c2a7f76b97b17b8f0a7b9693f45c68c504df13f0315ad159a026d4c3

                              SHA512

                              3fcce8847ea7b736595ff83d9541efe481cd45c409d03b5c14f7b71d41445a5d784d6ba7f1dd3886f2b45964cb347c3f63fe484a36a98974ba3e6972282dc4af

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              e06ed509e350c5c543d066382f019e8e

                              SHA1

                              f07ef12119abd4e49bec2f2d52e91218ab96a875

                              SHA256

                              c623afb95e2889b5c419c636b387e1280ef06ebd547973b1b8deaec7d4c9e04c

                              SHA512

                              953cfbe1d031596080e64e5e483d3eeb12745fdf6e4798dcc41248ffbb5dd24457a76de1ea5bbe2b43a1aa1e05cf83324e1d4b519341a31297bffa486b796fb7

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                              Filesize

                              1KB

                              MD5

                              c84835f4b256ad6b05f715261e8a0acf

                              SHA1

                              70da1bbc356190d578c05f32ba4d924f88cce7b2

                              SHA256

                              f5d04e9f843c18beaf3269e2860f31a244801f36c27f798a2b0845beafc52c6c

                              SHA512

                              2d3c9ba0f076a9caf2ce5a084fc5697fce2d3d98794b6325cea99138ba61554c6323b5bd1164d9d507331eee2bda33e68ca8f703ad7d5eefed25dff92e2eb0f4

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d099.TMP

                              Filesize

                              1KB

                              MD5

                              fda550b2b765750b101dacf2d7c90195

                              SHA1

                              7c012a379f4e4cc8b30db0ecd245b7dfce4f4573

                              SHA256

                              2e94d5ee2c9718c44cd07864b8b2eafc45ff6e2339981cadc40c514d5b6fd82e

                              SHA512

                              4588037fb27ac5a838cd88f028cfb759d61a066c242031720b6992d30c0b184811d3f8e23ca89c624cbe5d26e332392416f6cac7a8047a7bdb06fbfe863da4d3

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                              MD5

                              46295cac801e5d4857d09837238a6394

                              SHA1

                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                              SHA256

                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                              SHA512

                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                              MD5

                              206702161f94c5cd39fadd03f4014d98

                              SHA1

                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                              SHA256

                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                              SHA512

                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                              Filesize

                              10KB

                              MD5

                              e5321a468b8bb15776b7d0ec1d48f1ce

                              SHA1

                              c29cffc6461d9c014723f7e240c9c48720fc054e

                              SHA256

                              3545f3d1addb51a950080e294b25eebf6378a43e2c543d0761aac33c89457d55

                              SHA512

                              01b05aaff3ea091e9d29f21e7b1164797def85591e634afd99ef33f234869e14da2e43468d0d7d65ea03cb1da73333a5da2a00736814922e43016f8de211708c

                            • \??\pipe\LOCAL\crashpad_3560_JSJBXBAMHAMCMVGW

                              MD5

                              d41d8cd98f00b204e9800998ecf8427e

                              SHA1

                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                              SHA256

                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                              SHA512

                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e