Analysis
-
max time kernel
67s -
max time network
68s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
27/09/2024, 14:24
Errors
General
-
Target
ShortcutMenu.bat
-
Size
1KB
-
MD5
2ec378f228afaeb483e540a223239a9f
-
SHA1
85dbd9a355c23ca66e68442492ddb72d0faada88
-
SHA256
6289bc80387fd94d84b2294c47f8e10ddc7cc2ecc58217f86554b7dfb7fe0f39
-
SHA512
cce3ecb6f578605f50ab886ee33b14562313bc91e4042176209fad170c9a35996d64110c00f56473a019d703e246782b0be80a08ce9991f9e50bef6da90bd5bd
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ShortcutMenu.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\notepad.exenotepad2⤵
-
-
C:\Windows\system32\calc.execalc2⤵
- Modifies registry class
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtube.com/2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa20c046f8,0x7ffa20c04708,0x7ffa20c047183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7089511219281372988,12350514617012939078,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7089511219281372988,12350514617012939078,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7089511219281372988,12350514617012939078,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7089511219281372988,12350514617012939078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7089511219281372988,12350514617012939078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7089511219281372988,12350514617012939078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7089511219281372988,12350514617012939078,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2112,7089511219281372988,12350514617012939078,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,7089511219281372988,12350514617012939078,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5496 /prefetch:83⤵
-
-
-
C:\Windows\system32\shutdown.exeshutdown /s /f /t 02⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x41c 0x1501⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39bd055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f9664c896e19205022c094d725f820b6
SHA1f8f1baf648df755ba64b412d512446baf88c0184
SHA2567121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
SHA5123fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
-
Filesize
152B
MD5847d47008dbea51cb1732d54861ba9c9
SHA1f2099242027dccb88d6f05760b57f7c89d926c0d
SHA25610292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
SHA512bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
-
Filesize
456B
MD51e6c2db51c03430bd2cfa7b919672068
SHA1e5158c8fb137364ec59aca6629160146f626b6aa
SHA25617e6ec1d77919e32126f53f37ccdf4c9b7396e80fd7dc5121004ffcc838a5236
SHA51248a8460dbfe04cedeb1088a3f13cafc412a7601dd56826bb90b0d440a8d22732a8188b712c933ffc9b762b913dec2d6b3503d298a7709feb835faef15a3c8a3e
-
Filesize
2KB
MD5a012060b739c2f1a8e8f2d0bf794c8d1
SHA1767dab7a6859e03348a6b77e2fe78971401c6ec5
SHA256da4e821564591798828465c710387406533dab65dbc46d56e99162cc34694d56
SHA5122374f34f2decf9f533bd0d5363d420ec3d853c1942795ab45857073f43d25ab1b51c0c668915409c746a5946174625c1d55c1804377c168bba28c2c470561e0b
-
Filesize
6KB
MD59146efcbc3028c0872f9b63affe57925
SHA1e4d50352402964438ba3fe5b7730a5a73cb49b64
SHA2564aed8c61c0f62390f9761e55e6a50372e14fd09a2da3bb6aef7f6eb5ccda7dbe
SHA512298062ffab27bb7f41efd6dac1af1d6b84e4bdf0f90deb6413258bc7bf269cf544c37904a138bf81622dcda9f3f1e2e017bcba1780e2e5f36bc14ac5d036a8f5
-
Filesize
5KB
MD5b52c3e6cd9c8a5ea9d301136310b5eeb
SHA1f918903ca1a4e67b97130f3faf3ec31ad7052423
SHA25684c407c4c0bc29482e76a2e71fcfc05aeeba4f9789783842bec8859ba89532b2
SHA5121a0f0fc0eb4f3f1fd86b0d0aa2a5bb4c3662c355ec0e9768ff619acd8eae697392e71f75eb9363efa4e85674fb5e2a0e9bff49572325611d2959d588b0d581ed
-
Filesize
2KB
MD56c9285999a2647e511113e12708e8b0f
SHA1a019aaf481230f44e44945c92f7a8314ca1b33a1
SHA2564c3986d5a6f4e13558925b5bcb3039d1c8cbbabbc566782422424800c43c1dcb
SHA5129bb21232aa86d98253373a75838bec9998c1e58298c4d190c69f98a96e3e6642e5c3c0ec4a3dc9d91a18a7d7e7d832f213787452ad48a8af14f18bd45e819053
-
Filesize
48B
MD5de15652fd96328722f7c555fb422a41f
SHA16a67c0bca5eab2df343915c9aa43ed6a68dee176
SHA2564b79a8b87f7060169d6f21b08e7c0e3dbc924186b77fa9c5ee5ff63e172aced7
SHA5125ed071dde6aab782406adfab4792427113931cf4557cd65f1ce8fbf058eb6da2e09bc845609ab9fa9737feccf800fb02bcd9f9903252ab4fccc6eefc735054c5
-
Filesize
89B
MD5e7417ec20cdcb3634d89e587e06b450e
SHA12b87b4f4520b957f63a4e593eb44ee694187ceb1
SHA25620a1b204b29ee335ef076c9d2fbd8212222c60346881953d7e3c7d2e777c0dee
SHA512f2a38997c86ac945e4fba221b2bb1d5616db94a79038256002fa940bacb9ab6a114363cc4e81a5dd9c2b9ce04764817fe259869399ea2c9e494db229667cc019
-
Filesize
146B
MD50cefeaa47d0eaa76aad8c5c312464210
SHA1a2116cf459419cea84dbb94fd6b3390b84be02b7
SHA25602ee769f712b2eda04401f42ec85a7d2a7d7c836aa736a25c09ed9f56aee01b9
SHA5123fff7ef1c102d4e98c8419da6b80f61bc6e199957025f99f41d90c46f1e0d1b3050fc38170290478d2b349f5e9b6426411fed7ca2b480395e688685b81fa6913
-
Filesize
82B
MD5a8c44d30f354523195cc1fb299a11d0c
SHA1eef6cd513af45bd827e508fa86b2a64d168c255b
SHA2568102e40b547e5abedfff13c30def420921efd4d47273b5a1c87cd1c966c4dc87
SHA51268d3a8f71171f8742e966a4660f026e80cb13a7cd0ade0cbabda982a3261f5045bc2b6cd921c741cb67b5d7750c597fc3f44491c8d2e6b6530b0b361baa81aeb
-
Filesize
84B
MD5695bbba4a0a3570a33a4f15518fa0106
SHA15b9e11972d680d632bc8cc10e3e0630e6ee4e7ed
SHA2568a41a48466a575e47ccd467cfb0be5b19e3fc6d3708d75071acac1ddfebbb35e
SHA512b2517546bd010e8081f0453355a56a00a14bf7a3733a2a4e7c9132544589ef7984cf5482d7c51bae6e7c2c912f4597a15c19f4c78a667fd5574518755ffda943
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
72B
MD5803ef288ba7ccbc2e2e4809406963e16
SHA1c8ab6199d6fe2a86334686874ccc961e6eff8125
SHA2566c218376dfc5e2128ce76ee9c6434eccab6416e5cfeb2cb6de41b6e0e7f66a43
SHA512d6fcf07b1a6063471bf6eaea78fcb39b66ee6d09ed24a8a3dad07ffe9a673bdc79a16616599374afc6894d7fe96615c6efc653a7056c650a443481a5abd63911
-
Filesize
48B
MD5a41db040fc2058fdbe56a4b8e76e4be7
SHA135647c323148e3026fec60c8753d3fb4c3fdf855
SHA256765573780a2b6254014df77d6dbcc6db7004ed372f7b9fe66f789a967545a966
SHA51248377a437b227d58a005c5f4d5cc8201b7456cc45f1147b3993fab5c7e3f736a829c831e7dc39d8f9a4328be0babebfc6ed5a0d4c2cb18dab4f8d66724b0578f
-
Filesize
10KB
MD53e826daadd902d0e02cd4c2b47d619c7
SHA1510582d45c87c7d3139c05c20bc43846894931c9
SHA256516d6f34b13342fbbcf1a2983cab0206316e347799e1295f81ea84e43068555f
SHA512ace9b0cf90aea8b4b2a5b3a79414f18f4094cce0c674b880015008febe79e17f4c671eaafd232252f3d928d9e2e74fdf9605046530db1acf020d260fc1463f53