Analysis
-
max time kernel
61s -
max time network
63s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
19-09-2024 07:08
General
-
Target
https://www.google.com/search?q=mini+hdmi+naar+hdmi+action&client=ms-android-google&sca_esv=f94f21a840b19fef&sca_upv=1&sxsrf=ADLYWILVRI75h7NYy0TnqcdcIIVLFAUUeA%3A1726482618386&ei=ugjoZoOeF--yi-gPurqo4A4&oq=hdmi+klein+naar+groot+20cm&gs_lp=EhNtb2JpbGUtZ3dzLXdpei1zZXJwIhpoZG1pIGtsZWluIG5hYXIgZ3Jvb3QgMjBjbSoCCAAyChAAGLADGNYEGEcyChAAGLADGNYEGEcyChAAGLADGNYEGEcyChAAGLADGNYEGEcyChAAGLADGNYEGEcyChAAGLADGNYEGEcyChAAGLADGNYEGEcyChAAGLADGNYEGEdImAFQAFgAcAF4AJABAJgBSqABSqoBATG4AQHIAQCYAgGgAgiYAwCIBgGQBgiSBwExoAf_BQ&sclient=mobile-gws-wiz-serp
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=mini+hdmi+naar+hdmi+action&client=ms-android-google&sca_esv=f94f21a840b19fef&sca_upv=1&sxsrf=ADLYWILVRI75h7NYy0TnqcdcIIVLFAUUeA%3A1726482618386&ei=ugjoZoOeF--yi-gPurqo4A4&oq=hdmi+klein+naar+groot+20cm&gs_lp=EhNtb2JpbGUtZ3dzLXdpei1zZXJwIhpoZG1pIGtsZWluIG5hYXIgZ3Jvb3QgMjBjbSoCCAAyChAAGLADGNYEGEcyChAAGLADGNYEGEcyChAAGLADGNYEGEcyChAAGLADGNYEGEcyChAAGLADGNYEGEcyChAAGLADGNYEGEcyChAAGLADGNYEGEcyChAAGLADGNYEGEdImAFQAFgAcAF4AJABAJgBSqABSqoBATG4AQHIAQCYAgGgAgiYAwCIBgGQBgiSBwExoAf_BQ&sclient=mobile-gws-wiz-serp1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9f4603cb8,0x7ff9f4603cc8,0x7ff9f4603cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4838567860723447535,14191466864520797434,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,4838567860723447535,14191466864520797434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,4838567860723447535,14191466864520797434,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4838567860723447535,14191466864520797434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4838567860723447535,14191466864520797434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4838567860723447535,14191466864520797434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,4838567860723447535,14191466864520797434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,4838567860723447535,14191466864520797434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4838567860723447535,14191466864520797434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4838567860723447535,14191466864520797434,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4838567860723447535,14191466864520797434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4838567860723447535,14191466864520797434,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4838567860723447535,14191466864520797434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2544 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD52ee16858e751901224340cabb25e5704
SHA124e0d2d301f282fb8e492e9df0b36603b28477b2
SHA256e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c
SHA512bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba
-
Filesize
152B
MD5ea667b2dedf919487c556b97119cf88a
SHA10ee7b1da90be47cc31406f4dba755fd083a29762
SHA2569e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f
SHA512832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72
-
Filesize
212KB
MD508ec57068db9971e917b9046f90d0e49
SHA128b80d73a861f88735d89e301fa98f2ae502e94b
SHA2567a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
SHA512b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf
-
Filesize
120B
MD59d8b002497c8436dbe23780ffee7d85b
SHA15db9e506abf0455a33fbbec55de73861afd8c499
SHA2569969674056e86f0b6884a18e76798df9442e2f538b500729fb7e521df511e74b
SHA512025efce4ca85a7bb794d88cdf77e85066f45c1f241c4c09cf03d9a71531a51f2b208646e8e11763e80aa8186957d26ede2cfa7eadb5b450f9055e44e6fc0542d
-
Filesize
5KB
MD5ffcbae295c8b2bf1a4c8b90fd3174106
SHA192947b20ed10f6030f83d68c0f874aade101a9f7
SHA2561337a08bec7c631c226650fe4c55721c310ed8357b5c810c0a3d076fd389a03e
SHA512b8570a4c95541dee21e4d94d228aa39461df7eeddbfc8faecd036dc440b358449ea86cda107c02c71c8ed6b7b25756e21321d3efd3a251c0a91cce5a9495f5dc
-
Filesize
6KB
MD5953bdcd059fe33aa13599ace7df29f27
SHA151aa4c884725dbe123a62df495b8b8d64ac8fdc1
SHA256949920261253cc4d58e2f032d929c37ed5eac658a45211d941ecfab7d13ee217
SHA512937e32ce2cf7544f2c97cd0a1c0b8086c5d950d7428ececb670dc0c2bfff6d52951df58e2697b8885b81f2a217c91fd55816992c340ac6397f5686af1a19160c
-
Filesize
6KB
MD5f0345e9efc38d5f316a2d1b3fff096ae
SHA18af6ccf6004701480e4c0fca1eef485f25f4c098
SHA25604daf4113439a12eeace97739ac060a0b35de7655f85ead821e21e195b4ec746
SHA51249dfcd28cdd9aafb970a8f47e4d9cb02bc7a2d61df042ced8c561948926c029620b4819b347b21a2a9e652f696948805ad80daf1a2273a96c8a96e1e80465fc2
-
Filesize
202B
MD5aa3b609f38e8693025dd8073028879ca
SHA13863ce62566bde3def83f9876463eb2ba48d5b4b
SHA256953177260f76292b3c5e02ea79e70ae89d8995a575382aa91db84dc5c537db84
SHA51275d36078ee53edc0b9766686a31dc3e5d3b720a67fd814fa582f62eb88fa9e9a05d28b0d176cd7314f887d197153b0dd36e066d2132c0955defd8b8d5e066363
-
Filesize
202B
MD5789791a9a34c19805686512ebb1d7ba7
SHA10da7fe3837d1e7d2b136226a6e435ea6adddaae0
SHA2563dbee2cded2ee00c8d7b98a39adcce9afd925400ab6a1d846603b4f12be30ef7
SHA512c23f3b2ccb71ea152acaa4c5bd004b354a7aaf7c282c62f5baf671201128546efe326172f4f295f6dd1505aecb157710a4547bba8c18c3382eaa068ec6444b06
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5786e08a3c18b4cda4f01bec536ed1f59
SHA10c9348ca1d85d58527dee9752762bc4bef2f7348
SHA256145e924dd4fca7ce5478842b827009cb5b156a3b34dcba5ddabe2a1b2edfae80
SHA512c452cb5132637ea25f6d760b800427ebb3e2ba18fd7d5cd162c3c80392d5b660d1d4d3079c589f7647f40585d7755bdca2e76ffae80499b6d1d650f643c3293c