Analysis
-
max time kernel
88s -
max time network
90s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/09/2024, 11:48
General
-
Target
https://sidneycosmetics.co.mz/UrpldG-RZ4Im-nPq5v-eJXNn-UUh1w-kqhERWZV.php
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sidneycosmetics.co.mz/UrpldG-RZ4Im-nPq5v-eJXNn-UUh1w-kqhERWZV.php1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34846f8,0x7ffcb3484708,0x7ffcb34847182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4457762974339028647,4495706004874647212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5111c361619c017b5d09a13a56938bd54
SHA1e02b363a8ceb95751623f25025a9299a2c931e07
SHA256d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
SHA512fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2
-
Filesize
152B
MD5983cbc1f706a155d63496ebc4d66515e
SHA1223d0071718b80cad9239e58c5e8e64df6e2a2fe
SHA256cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
SHA512d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd
-
Filesize
336B
MD5c3db15cb6b9eadce458c2801d0650c37
SHA14a28c55f9f5cd0ba67fa0a180f7e107ce735a7ab
SHA25685d841d510709b9953abe05a450a325d8bf440b032c3cae007f026c9635fd875
SHA51266aed861a88df0e35f505360f6e92dbab3a9f0272887f4b7c12f09ab497b65157b35fea0b7eab36e2c7295e76232cbe13e3800a556a98e3d8a20bc68379c6fb7
-
Filesize
240B
MD56bea87e2aa618c36c3c91691f329173b
SHA1b3474a314356a714d691c3aa3b318d3469b84e04
SHA25665bff8e711e31af0deba836e496f4a92197ac59518dc253002d71905d4a1d8bd
SHA51239edc854afb9d43f6fb558104f55c371ba0557530152595ce56d40dd9103641fbdc48bf2e053a1f6e9deda574844d28c70aeef037e642d06bd3e48c93b9de702
-
Filesize
715B
MD52e68e56d60dc4df9637b9dd8913df939
SHA1c7bcab4e505cbb278fd6e3e19f5f13799153b27d
SHA2565f9af0aaa0274e19a3eba791df0301e63a4e7a0529d47189b03a5899d812a466
SHA512d18464280e93b66ddbd5bba1a91987d35574e7556f5606ec3bfef2615a47955f7030db0f33567610ee1bafd74ed8e4ff3b37d9709645c98645586942b6926d1c
-
Filesize
6KB
MD52c997aa6ace314de3e0eac564642a12f
SHA17a2f2bb174e46236dcdee3455a5634286a3663ad
SHA2567417e63c39ff7c564f0d9de177eefbc4d6c4250c950413dc5d15099f9faff089
SHA51250b4cabaf95db7c730a0665fdd2f353509a2d230abcbfb806658012141e119868823be4dbcfa8c723e0432b539193154489f03b0a446e1fde30733eead702039
-
Filesize
6KB
MD56949facfdcfd80c45072c8b5855a42cd
SHA18e1fefeeaf4bc9cb175f19559abaed0e06d0f21f
SHA2561dda9c3a3ed009f2da1b06044655fa3b02c47ffd631c894345d40b70945ec000
SHA512aa8a1afaff5eadea71372f9b536c32a23f496855a6057368d91c2cdec21f4847e86a3d221d7c3a0a5cd4461279765553bf73d2f02a5f44fd49db1be432f6a61d
-
Filesize
5KB
MD508f98267284229711a6ebdc46e44bdba
SHA10dc9edd233b3e50357b645693158c9d93b7b77b7
SHA2568b8ac84a3ddb0ee346f8c6b4dbf8d01ddfed52b46a43517ffebfb6fee42e648c
SHA5127489cb2f30da5408d877ae9bc46b8812fef7b9b2d581abf8093095c20c891e724d55c81f7d83b7855d2dbe48942057627b71d68994d95d15e6e30f064d9ac3cc
-
Filesize
6KB
MD5c6be192053ece06ceeade90a1f21d39f
SHA13703b0dc0d8123c7e35005534ea66298f05a57a1
SHA256661c9ed41915161ea5f08b213a13b8f69183624b841ec9f0b8c4391d0795469c
SHA51226536eb9c8d4c9dec8bdd204e236f6d7c659625d490587f79faf8713c3957bc76bbbc18e9450b9b38b0ab3995b37209ec3ca6c153df74b83f9af4854ab05bc7b
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD567ca05d5ca850f0159f332a9176060eb
SHA156f3185419719301a3d2616116ff7ad10d8dcf56
SHA256064b21d2dd626952023554268377070b9497f94a19c88fe8671c5c1e39568c1f
SHA5129fe57e78ca521f209f822f0c59beecf8dead5d40dada597e51cb0895c014582fed3b48a0e211bf28028cf4d8fe940d41eaa2b8df625cb3f071d2239bb5b6f7c3
-
Filesize
10KB
MD5a249e5ca8e8a2b5fa811f9105faa7286
SHA16dca38031ff66086490ece2a85f2837ff2d65019
SHA256b0a85e4431b260507de7acfe77f61e309ad17bdfe4e40d6d53053e429ad22c22
SHA512086cba2c7ea6fe2755e2fb174633be4e45be5073c0f7d91b90b4225b7224726688d188ff8608aa7893931158e97bfda42a3efa602eedccd218cdfc41e640919f