Resubmissions
02-10-2024 15:15
241002-sm8bystamm 6Analysis
-
max time kernel
18s -
max time network
19s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
02-10-2024 15:15
General
-
Target
https://fbrp.se/
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fbrp.se/1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffead0b46f8,0x7ffead0b4708,0x7ffead0b47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5556 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4024 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,16839000322906370964,12083486595539139969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f9664c896e19205022c094d725f820b6
SHA1f8f1baf648df755ba64b412d512446baf88c0184
SHA2567121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
SHA5123fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
-
Filesize
152B
MD5847d47008dbea51cb1732d54861ba9c9
SHA1f2099242027dccb88d6f05760b57f7c89d926c0d
SHA25610292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
SHA512bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
-
Filesize
480B
MD51246a7ec08e442f41e57e96743f6236f
SHA1a8bb95101dd3da4d1d41ccc35225253fbf753a88
SHA256a6e5a2cdf8e0fb1cd4f8dcedfaf20eb744cc41123edd65e72050b7c3bc1f78c2
SHA512241fbe6c9cd976653260f36dae7da75355354252f587fb27a43b52d5030bfca1efc8ac16a59f6a6efaa6ba0e2038494f32fb420b8d292a8f367d6699f69614bc
-
Filesize
959B
MD5951c896a31cc8ff05e33d6a48bed99e2
SHA17c37c4b3425c119232ab4c9a3d47ef037a0adc5a
SHA2566f887d6b9471027c20437c8699cd082da13107cbd5e1ddafcc61c15c8e5180c0
SHA512faddd5b252c6f3e62b30f7abaa6a361e518fa65a76d8e60eec3f867f8ff56e3bc184285b2c32f941b7935cc279f57b7ed55d87b1325a388f25913ec87f3493fa
-
Filesize
5KB
MD57c2c8fe889eeacec5711b21488c10d4a
SHA1853081e3945b1d061196f1449b5ad3222c1a5b9c
SHA25667c4fa64ce8da63c6f4441ef24a2e9dccad8dac9dc2736465b08972be0328668
SHA5128b7d6203374ee87fb630c2541dfc32e9b490df6027ab06399d5310887c41e45597c7aa44908c423a93d39420eee5cef1fe72f32d646a0c889b01d6dfe272cfcc
-
Filesize
6KB
MD5fb3f0e6e598c2b1efff2c85dc4db9d2a
SHA1d8b40d5150573e1a0030886c16aa0d92c8019e63
SHA256bfdeb49e23f3c1f98ac0d02102f358fcb7a8e63ff1258f338ad0da95f263547c
SHA51261bbad4b1ed8ef9b310ea79d3899a9c965555375f0a65dbb2cd5e794f35b74aa3a33081c8a4dbbc0d7c1abac4c78d1c337005cf1ff640d40107a43fd7b13d0f5
-
Filesize
6KB
MD513d5ee7fd527c71108529bfd3a2e925c
SHA14e835dad18b5c65695d8deaef64b481ee5ef2c2e
SHA2566199fac088c243b2aa0760e431f474504bcb2e36e6b622d411c997d08120b5a2
SHA5127943c67876d2e12dfdf1a636ff99ae7ed086ee3812027a0cc575e4b37c14cf883f047ff915bd704b018aa2f5867cdcd58098dd9c1303498fced1fab7f26ab9f9
-
Filesize
538B
MD5571f07740c7c5368a9fccc59c99c0c59
SHA1b4f938b3148ee43a3f53cfce491024c03e02be41
SHA256cf94e152979d356de648fe75a7e2bb857bb5ff4f85ade4cf8e9ba051466c9c51
SHA512ae840dd69d51a1152a7911e87cbc5c33ec38727678c0520c5ec6410759bcbde5a2c3148c4941b2099fa96aab4ce4781a94bdfc88359b8d2b1b24b024c9f67bca
-
Filesize
204B
MD5636f9302fa0b7249cd0dee04cbaaab42
SHA1718503f13eda9ccf60dbc642b6bae888fd71a869
SHA25671b108b0c56f69511f8f0d94e860df484ef9b1d1087fc94b837327cb83b1498e
SHA5120e251bc1035f001796ad099375f7038cd2ae78f391d588a6120bc161a423dba5fd7f187b71f489e25c38a7546e1019f35e3415979d17d491350c47ffa1ec9077
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD54f6dda6cc5e1232f185ea1c29b713460
SHA1b274f697561cc86669ef317fafb0a6b6aef05ebf
SHA2562071fa8e5be2914cba86dcdedba2be8b03f762dbb2cde1ac866869f02e92bc3f
SHA51271c140c2096a8e7348ed371b824dab3da4c29cc7e17ef900598e55e3d7f8fa40e46df2bc71ce833bb1d8d2240a504b16361c869e66033ccccd039adc809e5685
-
Filesize
10KB
MD50e4d342abed24cb91180674a24aea6fb
SHA134bc9f516c7e536735a177aec9ed0acd7226f95c
SHA256304a640f2118c327faa06e063d42f31086e4d813f73f11f7b40bf1674069bd78
SHA512fb7c9c0846dd1facddb87c250ab24fa5b67482d8186bace9969b47b968734477cfbf29e9887f8727411a7baffa7cbf203c59c41cd7ce02be45d90a6c1b4276c4