Analysis Overview
Threat Level: Known bad
The file https://u.to/Cnb8IA was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-02 10:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-02 10:59
Reported
2024-11-02 11:01
Platform
win11-20241007-en
Max time kernel
80s
Max time network
83s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/Cnb8IA
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff924a13cb8,0x7ff924a13cc8,0x7ff924a13cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,12240271662634559620,11427273590048601769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | u.to | udp |
| RU | 195.216.243.155:443 | u.to | tcp |
| CH | 147.45.44.92:443 | steamcommynnity.com | tcp |
| CH | 147.45.44.92:443 | steamcommynnity.com | tcp |
| US | 172.64.145.151:443 | community.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | community.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | community.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | community.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | community.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | community.cloudflare.steamstatic.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| US | 172.64.145.151:443 | community.cloudflare.steamstatic.com | tcp |
| US | 199.232.196.193:443 | i.imgur.com | tcp |
| GB | 2.17.5.46:443 | store.steampowered.com | tcp |
| GB | 104.124.170.33:443 | steamcommunity.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.21.72.124:443 | fonts.cdnfonts.com | tcp |
| US | 104.21.72.124:443 | fonts.cdnfonts.com | tcp |
| GB | 2.19.252.72:443 | community.akamai.steamstatic.com | tcp |
| GB | 2.19.252.72:443 | community.akamai.steamstatic.com | tcp |
| GB | 2.19.252.72:443 | community.akamai.steamstatic.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 02a4b762e84a74f9ee8a7d8ddd34fedb |
| SHA1 | 4a870e3bd7fd56235062789d780610f95e3b8785 |
| SHA256 | 366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da |
| SHA512 | 19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f |
\??\pipe\LOCAL\crashpad_1728_UYITVTGPQQQZAWNM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 826c7cac03e3ae47bfe2a7e50281605e |
| SHA1 | 100fbea3e078edec43db48c3312fbbf83f11fca0 |
| SHA256 | 239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab |
| SHA512 | a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0748b527da4ba1c46d044b3e8661b074 |
| SHA1 | ba46e68912fa8121408b43575e9f65db9e152dce |
| SHA256 | 9104a7e8575e75ae6219997978be9f966a41e17858c2c37fff8f02e8aac067df |
| SHA512 | 64ffd92eb84baa2d0f2515c0f8ca9136077a95ac68792218f8601e629b85deaeb08b78f519804ff854e07dbed1a193c1a81854d4b83f9559e6a8f330aa2c7daa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 06dbec29962624338871ebb4b2aedf87 |
| SHA1 | 640a8394ed65f3f55e5e2e110c5fd6135b8009d8 |
| SHA256 | 0f45f583fa2640cad07278b7edeb1e4a6b95bb0235653f99682d9ce431b48a04 |
| SHA512 | 083e696e5a096cfa012f5cfb8f9fab346549b9c9569085794a97f0fce92caf5b775157e23b5a4533816dca586238bae00e4e24752fc730c85787e352f663071c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 47b1b2dec97141f36ada68b998e34d47 |
| SHA1 | 14b4e07ad96780042dc04833715fc39e6d25d208 |
| SHA256 | 136064b7fedbb57640ba29b99e28e349946f8e25b681f15ca499c40a433135dd |
| SHA512 | 985bdc9c4ee3039af3ebd4d5a272d785a7a3fa5f4a0594fa9dd1d4fc8f8e36a4dd999c4fc05b54db842115729bb77867e63159d74e457eaa09aeb5615c1b5e8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dcfc407f3d92dadd09865083c43efe96 |
| SHA1 | 7b891a4a760b215cd40b1a9f93920372920bd535 |
| SHA256 | a78239219e84d98fd9fe8f424f52fe265ecf5a930a51255266e1a161edbb2c9a |
| SHA512 | d4d461defaec817bf3d787bc1c5337e023e726116255938bfae72e284eae5dfe8528c043c07839bc4e7034f42b7845ead489b6d91d85f6803d5e8f5743b6e1c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f194.TMP
| MD5 | 2450b87470475d992fbb764e32ce424b |
| SHA1 | 5337713e36435560cff8fafe8b3b5a3e13a39541 |
| SHA256 | 4adc0038332c4c573079fd13911582318be6e6ca02b2cef37f8c1fca875dfc97 |
| SHA512 | 79d1e11b15e1963abddcbaa92510de808eac65636d7b876c07a88ead738bc2dea6f2966446ea027b240a9e30f5046e6ce24ed117d969c9d6f4e6cd03d34c3b71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7a4e7a57e0d5624681a290f7cdb8ea4e |
| SHA1 | 5fb71435f33fe95063c8d343c9e1ac96694c017c |
| SHA256 | 6712be54b774dc638dc4a21d3beb5087d81f25df07272e811e6390d903f352f7 |
| SHA512 | 85d39eb3831c79270d4dae11f6d5bc6e1d610ea053677d0d70317dfa8810b7d68c81f56b9f7827a7729c246152c3bd3dbe9f84b01119f296c6ef5f0e5100ab82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b882d65b941605bdcdadabc2c413d165 |
| SHA1 | baed105487e71880839aeb632751e34c277fb127 |
| SHA256 | 060296b76029efaea3af2ac5ffed2679cfaa10dd1957baa8b024da4ab94bc1fc |
| SHA512 | 1988c8bdf777528e3f231ee55b865e9d2e2ab6ff6c38800ce86d338bf972f82e1dc1671308ab166775822a2f27e18f6a417eb1355fd559dd3e2114895cc55777 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7d31202f8efd27c5e804abc16970fcd0 |
| SHA1 | 787b118f58a69773f46838f4fb86e81091f81b57 |
| SHA256 | b4fc34775473de6d8d32e8108d30d45494e1896b042799dfa8cac66b476aca68 |
| SHA512 | 0a51a633420744adc4a8a0dc737d19f9e0043ed05cb9730b5922ae4dc1d5858e90645c1e0dbee29dce2df1d8aee44f7a3f0d8c2d629d5cfa4997a3cd11c90c27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6f3ef3a300d6ade69ea0bb45b3ff1677 |
| SHA1 | f63bc76b63a48e1d4205f408130ff312103abb7b |
| SHA256 | 6ee5b9855d188d23c31e42ccdad90054361c7bca14acf2be8a6a66efd2160b1e |
| SHA512 | 9904cbf0ae6a532703f4d7e1eb24e370512214b24864eb395fa647f0edbd85737d42f586144682d9fc0d9ff07838a854dab1ef1042e0cb39a14a125cea1451b8 |