Analysis
-
max time kernel
37s -
max time network
40s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
19/11/2024, 16:16
General
-
Target
https://haialiont.co.in/click.php?key=qkqoyuz88rj607knwabx&SUB_ID_SHORT=460b119fbf8da51075a82f61d781c1dd&PLACEMENT_ID=24204966&CAMPAIGN_ID=1160262&PUBLISHER_ID=2044770&ZONE_ID=4178702
Malware Config
Signatures
-
Downloads MZ/PE file
-
A potential corporate email address has been identified in the URL: [email protected]
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
-
Suspicious use of FindShellTrayWindow 33 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://haialiont.co.in/click.php?key=qkqoyuz88rj607knwabx&SUB_ID_SHORT=460b119fbf8da51075a82f61d781c1dd&PLACEMENT_ID=24204966&CAMPAIGN_ID=1160262&PUBLISHER_ID=2044770&ZONE_ID=41787021⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff852913cb8,0x7ff852913cc8,0x7ff852913cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1304 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,12791447302957100083,16801857704450467991,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7160 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5826c7cac03e3ae47bfe2a7e50281605e
SHA1100fbea3e078edec43db48c3312fbbf83f11fca0
SHA256239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab
SHA512a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e
-
Filesize
152B
MD502a4b762e84a74f9ee8a7d8ddd34fedb
SHA14a870e3bd7fd56235062789d780610f95e3b8785
SHA256366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da
SHA51219028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f
-
Filesize
5KB
MD5fff95fc970cf3af4d60a5faebc9f94a0
SHA13a282a17bacf128078e61af4e6038507052b68fd
SHA2569de4c9c66bb4feb4203d1df035a81b226351b739830ebcf8e03d14d655e6bb30
SHA512a74753a1f800687c2682b57bbf62d70bf418ef63c226c1c25378e6a95438908ca1d52dba36dc23fc3add1f7d7796ce02b86593358f595add057d09f2c9675d09
-
Filesize
6KB
MD5873eb709067ad24c896f169f3aaf1a13
SHA155e2fe97ca3cc4c70dd313ff1e4fbe3d5160db16
SHA2562624609ef0c7951dc43132460c3fd553c5112fa8006ba29f831e2f79b829cabc
SHA5129e6cf3c4151720c666080caf7514c631f921a544ac146a164ded3c7f395465d6ed452fa2db1e96b06461c72e170a2622134c395a31287171ef9464d2e237c13c
-
Filesize
7KB
MD5da7f443b4ed6a87537e83d0759dedb94
SHA1552b9a0bca59b7a4fe924c631eef3066c019c0ae
SHA256d5b4e0aa644b85e8ded706f1a5017cd685fa9225cff1aaad1ef516fdf4b22c73
SHA5125f6aee46a43fb10a73d7682501495da83235d91cdacaf2a72cc7c6e7d62351b9c8c9b8e1586d85e7bc7321e92c9de0a616c773b2c88db8b606862edfca73963b
-
Filesize
7KB
MD58181de3c268863f8bc5acbe3988ce34f
SHA1b00f13b6238ca945fb3e8932ec0a3fa90900dad4
SHA2560dcf2fd57a07574e5cae019c3ad491331ed90af40fe1e82df4393bda272f81b7
SHA512624f9dc3e97c1f889276a3a431140ce50b4339041a98f1f5f280be8d00469ae24f6ba011be344c6d7bf2def7e5b3448dc8b1b2df8764cb48f15e57e9663fb83d
-
Filesize
72B
MD5e2da00bf51a0ef56152ef5745bced76e
SHA1c6f5a7a1d5da11ced121f9f545aeb3d22353d69b
SHA2563f9f4812e3dd20edfb2949e4d807601b7c71d1ef334424cf2e5197c98f0c3dd4
SHA512d0a673a1360ec900240407bdda796d6d0ab18acd3ff4bab56265061d9c472e4e70be972ef58692bb28ad7e56c69a486d8779f9a571458a25118637ad5940eccc
-
Filesize
48B
MD53cf31651c30a1d8b3e74b44e82fe7934
SHA16d12e29a20f0ffac89c0095d88216fbe8778eec0
SHA256621df50a8606e99a918a5587a8d24bdf19abe48c986881f69f56f33952f579af
SHA51200551a963656e34e6cae1c25c5ea601192d227e3c080d1d0e0f3e30a74911410ab810b1ab5d04438e1a723220ecb221f35acf22997925fb3cf4b0b1b9ed495d6
-
Filesize
2KB
MD564a8cac37e7a59347a7738bf56732206
SHA18c525371cfe2c75bd53306a59e3183db2e9c87fb
SHA256c62827da65800a6399745cce295e3d5b3c0168d60e782e8882c0e7e6222725c6
SHA512741ed812ec52ad9642512733fc66742bbed5083fb80ca8aaa8511d1bece6949f77cf038bcc7feb3dd7cdf75cd7099d2e9222ad478289a07fe7aabb2e2a831ada
-
Filesize
1KB
MD576e6e90dd08f13cf2729f0b7dec5bdfe
SHA157eec4d0b8f15e04a81eb7319c7095e9c9a7fcda
SHA25608b23f1c0e3bafec0fadcd956538ac764406ea627b6517d1de09d3546a974c9f
SHA51229a2cec51885d91c17d902530d8e35ebec054e2d14a542c99085eb1dc60c6fc03de805ef16d6f99663fe39312b7f25715df8c09644f92c2fc0b26fab83c206d5
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD541a6f60136202be885ae0f734db9f35c
SHA16cff4669e974c1adaa9d3db5fb592a1d6eb82c5d
SHA256a2de059b7b56189584563efb8a869bed3f89c6bb96db2bd74e6aa67087913738
SHA512e6839ff49b79b972ea181fac14e07fa1bc89779ffaabe33020b9789c063b3bd7cf1878cc9bc2ab68c28062558893414b1e9d2a20c7d69e02cb6c7a2c89d95822
-
Filesize
1.7MB
MD593351749ff556cf106ddadce6daf9aea
SHA159c986051e3639a2eb4ca07dd5c555853de66b99
SHA25620c7bd657c6d318e4bee2526eeff396d8bca3788163f3819207214a19600dcaf
SHA512c1fc2be3d5cb2ffb713b3a48a242a2020132a787c87920fa54a417b6b79eb3841a1c1ee9224d55b530715a8dada3b3afab0505b47e9ef8c8ad3e7570fc033b42