Resubmissions

19-11-2024 15:58

241119-tef36sxpcz 3

19-11-2024 15:53

241119-tb4easxgqf 3

19-11-2024 15:30

241119-sxjfksxfmf 8

19-11-2024 15:06

241119-sg67psybjp 10

19-11-2024 15:04

241119-sf1zasslgl 3

Analysis

  • max time kernel
    101s
  • max time network
    104s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-de
  • resource tags

    arch:x64arch:x86image:win11-20241007-delocale:de-deos:windows11-21h2-x64systemwindows
  • submitted
    19-11-2024 15:04

General

  • Target

    http://g.deev.is

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://g.deev.is
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff93b153cb8,0x7ff93b153cc8,0x7ff93b153cd8
      2⤵
        PID:4200
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
        2⤵
          PID:3680
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4948
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
          2⤵
            PID:2848
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
            2⤵
              PID:1992
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
              2⤵
                PID:4924
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
                2⤵
                  PID:3204
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
                  2⤵
                    PID:4512
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
                    2⤵
                      PID:4072
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=4720 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2436
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
                      2⤵
                        PID:2244
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
                        2⤵
                          PID:1416
                        • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4896
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
                          2⤵
                            PID:4892
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
                            2⤵
                              PID:1472
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
                              2⤵
                                PID:2520
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=984 /prefetch:1
                                2⤵
                                  PID:2412
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
                                  2⤵
                                    PID:5068
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
                                    2⤵
                                      PID:3788
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
                                      2⤵
                                        PID:2692
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
                                        2⤵
                                          PID:4508
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14237452649959112459,5294919995331701201,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
                                          2⤵
                                            PID:488
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:4404
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:1504

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                              Filesize

                                              152B

                                              MD5

                                              fdee96b970080ef7f5bfa5964075575e

                                              SHA1

                                              2c821998dc2674d291bfa83a4df46814f0c29ab4

                                              SHA256

                                              a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

                                              SHA512

                                              20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                              Filesize

                                              152B

                                              MD5

                                              46e6ad711a84b5dc7b30b75297d64875

                                              SHA1

                                              8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

                                              SHA256

                                              77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

                                              SHA512

                                              8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                              Filesize

                                              642B

                                              MD5

                                              5a735c596ccf897625cff3c27e734c74

                                              SHA1

                                              7297df85278386da0c7a98ff4bc03eab6490c886

                                              SHA256

                                              062cf19d95ec4a119380add50de68de948928c74fef25b645bd3a70e8f9bccee

                                              SHA512

                                              05568eae44597129c2257d9541dd87c2e7788e24bb1a6bdb2c09125420478c7b7d9a7ff50ff9a987a318793810039ed15135c456184c076d2485e0e46a96b572

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              6KB

                                              MD5

                                              69794b08537565ac67ecc0559128e9c0

                                              SHA1

                                              d2cd44d522d0bdb44face077d7947e6a856eab7e

                                              SHA256

                                              d79e960f0232ee3f5130bf9f3315232456cca7222ebb969d4a3719279a97b83a

                                              SHA512

                                              f638d6727f2104254d978e094e5ae1c5d17bc1235ae8315ee2550b80d1707abe21b00bbe362789159bc43d01f2fc2c48e49ccaa645e6dc3ef8704c00b922d038

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              5KB

                                              MD5

                                              6fd279a901c40629476d3fb81c388bab

                                              SHA1

                                              93a118a8f1216a879831b3245a66e0f469b0b618

                                              SHA256

                                              208cd74a41c7280d5815a2ad2903cebaacebabc172f7e74273c414bf0a0f3cb0

                                              SHA512

                                              ed859c9dd6f7b5f30a37a67479a85099b0d69f1f3bb784a4722dca3ae232c6d4295ae8e58eb26a28dcb86017ebcb59e6fc34d9b59c629f7f09cbfb00d9e1730e

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                              Filesize

                                              6KB

                                              MD5

                                              c7c5547a646531724fdfd24688df3e3a

                                              SHA1

                                              31c4edfcb62a204be45b35d7d7a3bd52fb3da3bc

                                              SHA256

                                              2f8d54173e570717bb29ce37b582bb33b5e26965fb9c3b56ccafcaa81efcb73e

                                              SHA512

                                              31b0b04a57dab71da20099c24b5e22261f9da3096d5b70488a82ec6039985ed049df1fbfe2cbf621694db47c378b6aa56c17ca9d75cc38c610e35b65f6c2098d

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                              Filesize

                                              371B

                                              MD5

                                              46c458ec425663f1750a0d89b00971a5

                                              SHA1

                                              f96d7a2bac5c296f32f550ab2ad9b2b9fb81cb9c

                                              SHA256

                                              a032476fc1a11c084d7ccc56e9f01182ce1e789c5de6eecd9b3dd7cb9d90eefd

                                              SHA512

                                              2ad4aa304ab1e99906d42517c27aaafef09ba7dfd4f06157f99f066ea80abc520c2e17215f75e47401770e677dc82834339a926b450845a97254b2ddc72f7225

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                              Filesize

                                              371B

                                              MD5

                                              47be8ca96c0dfc77990c07172842af76

                                              SHA1

                                              ad842646f5a44a9ed3df89e6138423140a732118

                                              SHA256

                                              fd5b15d5e1f4f77bb1fbe31dfff137ff102e86d0a262e9b9e5cdf51ea6dda161

                                              SHA512

                                              60c292f05aa4edf2de5e6b2414b307ee192b41242edf18c7a1cf5773d6ed866404393725653eaebed5161fbb3a204b32a2fc9ef2a22e729d989654b9ecd4e103

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5890a2.TMP

                                              Filesize

                                              204B

                                              MD5

                                              bbf29a3a11a31caa77dcfcb264dd6aa1

                                              SHA1

                                              eb20184b4f565b5b58817d8979cce00469210429

                                              SHA256

                                              438e818cbffb59451c74b278a83c0c85982b96f785a6ae54b90d3108bd996182

                                              SHA512

                                              76aedea0a06f22339fdc4ab59721fd60cdb4bc2914889a0224408f4374beba3bf04e9a24265c37931df0221fd2613522f62a4182f74318f6708f285665822606

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                              Filesize

                                              16B

                                              MD5

                                              46295cac801e5d4857d09837238a6394

                                              SHA1

                                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                              SHA256

                                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                              SHA512

                                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                              Filesize

                                              16B

                                              MD5

                                              206702161f94c5cd39fadd03f4014d98

                                              SHA1

                                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                              SHA256

                                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                              SHA512

                                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                              Filesize

                                              10KB

                                              MD5

                                              d19e9600df069017e8cb7bcf417799e2

                                              SHA1

                                              4d945cdf4742cdcb88f28fa62bc06d8ebc1c2b3d

                                              SHA256

                                              1bd2e4d230f052558e22606b6d215153d4c08b79c9e3508005a62ee697b5b1d2

                                              SHA512

                                              489ebe64ea6ea92ae94f3215fb96b64eb83419934b44231affd6d9d8ec06610235a83c51702ead009c13b3df9833971c60dbc5296c6fcd309e304123082bef37