Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-ltsc 2021-x64

6

Analysis

  • max time kernel
    99s
  • max time network
    113s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    24-10-2024 15:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/uc?id=1CcI7vhKriigxEsoUMYG4SUrUv3SPgRyk&export=download&authuser=0

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/uc?id=1CcI7vhKriigxEsoUMYG4SUrUv3SPgRyk&export=download&authuser=0
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff23a046f8,0x7fff23a04708,0x7fff23a04718
      2⤵
        PID:1628
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9153563185166200769,16699900828578638011,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
        2⤵
          PID:1948
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,9153563185166200769,16699900828578638011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:5020
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,9153563185166200769,16699900828578638011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
          2⤵
            PID:3360
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9153563185166200769,16699900828578638011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
            2⤵
              PID:2652
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9153563185166200769,16699900828578638011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
              2⤵
                PID:560
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9153563185166200769,16699900828578638011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
                2⤵
                  PID:1244
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9153563185166200769,16699900828578638011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
                  2⤵
                    PID:3600
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                    2⤵
                    • Drops file in Program Files directory
                    PID:4952
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff732935460,0x7ff732935470,0x7ff732935480
                      3⤵
                        PID:1512
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9153563185166200769,16699900828578638011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:5068
                  • C:\Windows\System32\CompPkgSrv.exe
                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                    1⤵
                      PID:4216
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:4408

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        b9fc751d5fa08ca574eba851a781b900

                        SHA1

                        963c71087bd9360fa4aa1f12e84128cd26597af4

                        SHA256

                        360b095e7721603c82e03afa392eb3c3df58e91a831195fc9683e528c2363bbb

                        SHA512

                        ecb8d509380f5e7fe96f14966a4d83305cd9a2292bf42dec349269f51176a293bda3273dfe5fba5a32a6209f411e28a7c2ab0d36454b75e155fc053974980757

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        d9a93ee5221bd6f61ae818935430ccac

                        SHA1

                        f35db7fca9a0204cefc2aef07558802de13f9424

                        SHA256

                        a756ec37aec7cd908ea1338159800fd302481acfddad3b1701c399a765b7c968

                        SHA512

                        b47250fdd1dd86ad16843c3df5bed88146c29279143e20f51af51f5a8d9481ae655db675ca31801e98ab1b82b01cb87ae3c83b6e68af3f7835d3cfa83100ad44

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                        Filesize

                        70KB

                        MD5

                        e5e3377341056643b0494b6842c0b544

                        SHA1

                        d53fd8e256ec9d5cef8ef5387872e544a2df9108

                        SHA256

                        e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                        SHA512

                        83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
                        Filesize

                        41B

                        MD5

                        5af87dfd673ba2115e2fcf5cfdb727ab

                        SHA1

                        d5b5bbf396dc291274584ef71f444f420b6056f1

                        SHA256

                        f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                        SHA512

                        de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
                        Filesize

                        264KB

                        MD5

                        f50f89a0a91564d0b8a211f8921aa7de

                        SHA1

                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                        SHA256

                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                        SHA512

                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
                        Filesize

                        8KB

                        MD5

                        0962291d6d367570bee5454721c17e11

                        SHA1

                        59d10a893ef321a706a9255176761366115bedcb

                        SHA256

                        ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                        SHA512

                        f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
                        Filesize

                        8KB

                        MD5

                        41876349cb12d6db992f1309f22df3f0

                        SHA1

                        5cf26b3420fc0302cd0a71e8d029739b8765be27

                        SHA256

                        e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                        SHA512

                        e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                        Filesize

                        5KB

                        MD5

                        b737f9042b22bda83ab85832023ba6b4

                        SHA1

                        3cc056bb70a2ea9c346e254fb23c256d174888b6

                        SHA256

                        b5dc8dd0a752a38cc20a488f5e172377851705b30b77cf44eae9cb6e88be4935

                        SHA512

                        0bad315460001cacecf22e7a1f264cdaf227231fa9b1400b7952976cefe1baf8bab268f79d90fac22fc05a8a49f75fa86346380d74ce81a55a2f0088026a67d7

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                        Filesize

                        6KB

                        MD5

                        cc737ddc098439e5401030b9d5536796

                        SHA1

                        70d7a295ab18929a4f2fa8e1207f6a133930bed0

                        SHA256

                        0daf6de3b6f5c08a0fe2f0d35a9ed92747b27326b3543942547bf22854071426

                        SHA512

                        8add9e96a273fc715992d8bd8775bc032b47c8e0a040f01263ff3bab5395fe7a382f67084a61ddf94592fbdb11260f8ae557649ad01d41fe4e3c7b1c93005d7d

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                        Filesize

                        24KB

                        MD5

                        f9055ea0f42cb1609ff65d5be99750dc

                        SHA1

                        6f3a884d348e9f58271ddb0cdf4ee0e29becadd4

                        SHA256

                        1cacba6574ba8cc5278c387d6465ff72ef63df4c29cfbec5c76fbaf285d92348

                        SHA512

                        b1937bc9598d584a02c5c7ac42b96ed6121f16fe2de2623b74bb9b2ca3559fc7aff11464f83a9e9e3002a1c74d4bb0ee8136b0746a5773f8f12f857a7b2b3cb4

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                        Filesize

                        24KB

                        MD5

                        c029e76a78f124ad4aea56fa5196df7e

                        SHA1

                        e6794d580c9753f35c7e0ff6813c27fb3a3cd5f7

                        SHA256

                        9856a3a27dce1d7578353c623de39a2304fb02a4a543497e2ad4804fa03ecc4b

                        SHA512

                        cabc52938d407fa27147eaa7904f60fdce79eef6236e75f5dccdc4da1d58891c379635bd1f562c38268ef4c3476e30015396d09434cc008b54465f92959c3344

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                        Filesize

                        16B

                        MD5

                        206702161f94c5cd39fadd03f4014d98

                        SHA1

                        bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                        SHA256

                        1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                        SHA512

                        0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                        Filesize

                        16B

                        MD5

                        46295cac801e5d4857d09837238a6394

                        SHA1

                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                        SHA256

                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                        SHA512

                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                        Filesize

                        8KB

                        MD5

                        3bdc5efdf62a09977e8d388e96f1386a

                        SHA1

                        a44dbe430642c9f419603fdb29bda624e79f26d4

                        SHA256

                        bfe52f16ca02ffdd172c141793881c01839ad48fd5638c5cf08590eb6addadfe

                        SHA512

                        6928b7a4e6395339a2567c2ec033548a534d241417f273ccde67d128ff627389996afd6e2446feff809b0d93bc3efc88df6cb1c60c9379fe874fc14d3299fb5c

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                        Filesize

                        3KB

                        MD5

                        96d8efbfdca9ca77f56a9fe507c60035

                        SHA1

                        96694d201b12330aa26a0c6615e4bd0da195c8fd

                        SHA256

                        1f4cb379608ef89f1888581138474c4011afefeb42e503e18a8465b2c5ade7c2

                        SHA512

                        f6b13a1ee1d0e8205176ddd7a7440b667243aa6079ccf0c6d135bea11fc807a790e22cb1df0a53e3d3f33d999b2a0f1361ac3f92c36a44eee83c557a8d5759ae

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                        Filesize

                        3KB

                        MD5

                        2318a59e73d41c8b8111c33bdc8cac81

                        SHA1

                        528e52e69c8cdd43350e69491d83e364d4cae8e5

                        SHA256

                        07c8c9dc45a87b0c481ee153c6e4fb00259c097949cdde5fe78e8d3fb282d94b

                        SHA512

                        a0b17abda749033a8b15f1c7821014c8666e4f3584cfc40efc09825d71b40121afb4b10935e5d67a4aae2a88972d0d8c312bffbb3b7febc415294db3e70e9555

                        Download Submit