Overview

overview

3

Static

static

1

URLScan

urlscan

1

https://docsend.com/...

windows10-2004-x64

3

Analysis

  • max time kernel
    79s
  • max time network
    81s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-10-2024 10:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://docsend.com/view/s/3bvnftkerfgmh5jt

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docsend.com/view/s/3bvnftkerfgmh5jt
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5008
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa148046f8,0x7ffa14804708,0x7ffa14804718
      2⤵
        PID:724
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7428505992792456675,16986937859587226820,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        2⤵
          PID:628
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,7428505992792456675,16986937859587226820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3516
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,7428505992792456675,16986937859587226820,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
          2⤵
            PID:2428
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7428505992792456675,16986937859587226820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
            2⤵
              PID:1952
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7428505992792456675,16986937859587226820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
              2⤵
                PID:3952
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7428505992792456675,16986937859587226820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
                2⤵
                  PID:3908
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7428505992792456675,16986937859587226820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
                  2⤵
                    PID:1956
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7428505992792456675,16986937859587226820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
                    2⤵
                      PID:3644
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7428505992792456675,16986937859587226820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3480
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7428505992792456675,16986937859587226820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
                      2⤵
                        PID:2908
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7428505992792456675,16986937859587226820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
                        2⤵
                          PID:4844
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7428505992792456675,16986937859587226820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
                          2⤵
                            PID:536
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7428505992792456675,16986937859587226820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                            2⤵
                              PID:2084
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3940
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1384

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                85ba073d7015b6ce7da19235a275f6da

                                SHA1

                                a23c8c2125e45a0788bac14423ae1f3eab92cf00

                                SHA256

                                5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

                                SHA512

                                eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                7de1bbdc1f9cf1a58ae1de4951ce8cb9

                                SHA1

                                010da169e15457c25bd80ef02d76a940c1210301

                                SHA256

                                6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                                SHA512

                                e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                1KB

                                MD5

                                b6c2bd3f2f2f3e936436dd6ae50add93

                                SHA1

                                ff4d0e9eb82d19cdcfe4e042864ff4350865d6ba

                                SHA256

                                87155a574bef3b684a55e2d7306b26a5b231333b9fefe079a74325fc465c5834

                                SHA512

                                033be59d86c9f1e8e540e7ceb7bcb5024cd88f38277e7a300f77bbafc7d04563b4437a3fc5e9df2544ab1afe09df76d32e030b287a6c0b435c25bbddbcda8438

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.dropbox.com_0.indexeddb.leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                46295cac801e5d4857d09837238a6394

                                SHA1

                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                SHA256

                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                SHA512

                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                1KB

                                MD5

                                513445376d719df6cd5b102db9aad669

                                SHA1

                                43d1df045e07db508e9a51ca75d962b9545f4cb3

                                SHA256

                                bdb8ecb1205984ec9d8f5fb0a3808a9f2983fa6b7c8ff907af74907f149e9fe6

                                SHA512

                                b4527cb69b5679639604ccaeedad83b61c55a72efa1ccbef063c769040fd01780f24fe951cd4111064f95b92e70006c4b85e3adf3458972b2c2d64cfb37e3d79

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                054854eb6f76756c856e3fae77324de1

                                SHA1

                                388eb751d6e3230c7804c4d426eb9e31a4d8f0b6

                                SHA256

                                d20b799852085775a304ae8077cd3d35f2c3a610957ff1b0bfe549e5e4b95c0a

                                SHA512

                                78f3419c8965d4a46a6ed908cf9d5ef77409d70cf2c569402f28d43dc989c4a76a7b623bf1bff5e3cc84f0544cf473753862e6262dfcdbd796342b11d209a48f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                7a7c0d877e3f584d6ac256e453385450

                                SHA1

                                46f242fd58c9bcee1638901f9ab7b17886bdde9a

                                SHA256

                                11285e2a49d99de03c661fe0f0932d761bb7d2d935b2355d7b2ac3f6cf492701

                                SHA512

                                f24550008107a703c0f713c83c53e84719c636b2dc7d396760b096d64b060821df6c33233593ebc1be3930ac4b96d210a89086ed4e9b2e506f52d57e67b2f8bc

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                1KB

                                MD5

                                f85074f3e74916cf24e3f9fe487c7e42

                                SHA1

                                9bdac6bf60e211d3fd2638e63e1d17e8746aa222

                                SHA256

                                3affbc9f31ccf604e4a42244ca004f88e89f2b0d2df1215be5639d8cccf7ab61

                                SHA512

                                82193ed96d839cc6ddeb96bc8d337cb079ef207ab60302b3a9351c39496e0ab2b6bb39a90f1792e11ec074f3749400c91e4a249d04d33cde60386dbb10e26442

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                1KB

                                MD5

                                7be4d7d67fa660cdb8a52e6fcefbf811

                                SHA1

                                52dda1e8db96884eb735eabc8e08e819645316ad

                                SHA256

                                048eeb26400b97a51a852f93afd96ae0a50311452116fa2fc6dabdbf49504b56

                                SHA512

                                777540e14a0962272d173afa5a8666d68e5fa83ea265896bccfedaae4cb84ab36aaa302e9c52bd8a47c72ee903d2173610ee4f6dea62020296042957695dd79e

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                1KB

                                MD5

                                4ce1f8952cea37b669ae04b7fa00f444

                                SHA1

                                eebf1c415aa6e7b6cea459eb91b355ce75d20901

                                SHA256

                                fc2ea4304d2a46c9f0914f1db2dbc14df6b368e0d4900ac67bd9a2cca39e9885

                                SHA512

                                4702dcd1100916e6798816a465dfbd30cc7f08d9d4994e88b3f258245b8cbb4f0b593202fd75bf2c8964834d8a6fec4d6482a5351e2597b319303f06aeb6c60b

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                1KB

                                MD5

                                2cc873dfda09224d26f752cd1b9f7923

                                SHA1

                                b7a2c322e9578c57fdca7669f2766de9ab796f9a

                                SHA256

                                2c06654980371cd3e2af1102254ad41d03ba0c1a25c2977eafcc7829f6896f3b

                                SHA512

                                0df6450a83c0772522647317b8f664733d02ba85f6925fa40e856506d518a5989f9f12fc1f47b9dacdf76d938aa5d0255212c3fd36bbf6e2c6bc0fd0950235ca

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580a7b.TMP
                                Filesize

                                1KB

                                MD5

                                6157d9411d885db428f8edb7316d0214

                                SHA1

                                52aede54f8876408a5b9938702fa257a5ee42c4e

                                SHA256

                                4e9c0c47b04d3a243f456a3c5d7d02b8e14298193831886e1aec303b39cf3cb6

                                SHA512

                                fe75f8f032d6d63449130ff2898fbff71ee073bad52aee2178912aaf431ae3445ef160800b3b04dc222c616b62184e1e1ce01f387962c2e10d0bb1570bd19dba

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                10KB

                                MD5

                                0669bda37dbea89252168bc5802da774

                                SHA1

                                ee360f7e88edd9b6414828f8b90c03f1a715a0f2

                                SHA256

                                f97f7cdd0e9af989e1ab4aaa3a140d36a2643cf6efffafa83b3e8652a9f3fccd

                                SHA512

                                883fdcc4c2204c1615e84e2cfb081a8c576655a55a8d95bb6b238438e2952ca628a91472e79607c5b4e0e0afed559a346d5fb439f165ee5a2df73da5a613a02b

                                Download Submit