Analysis
-
max time kernel
269s -
max time network
247s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
19/11/2024, 19:31
General
-
Target
https://www.gitkraken.com/lp/github-integration?utm_feeditemid=&utm_device=c&utm_term=how%20to%20use%20github&utm_campaign=GK+Git+GUI+-+Search+(EN)&utm_source=google&utm_medium=ppc&hsa_acc=1130375851&hsa_cam=21404161199&hsa_grp=163169494265&hsa_ad=703541163970&hsa_src=g&hsa_tgt=kwd-298064504153&hsa_kw=how%20to%20use%20github&hsa_mt=b&hsa_net=adwords&hsa_ver=3&gad_source=1&gbraid=0AAAAADeUjDGFA3Hh0rQucYpbgMbGUqVHk&gclid=EAIaIQobChMIz6PDvZDpiQMVZVz_AR3h8iBEEAAYAyAAEgJrp_D_BwE
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.gitkraken.com/lp/github-integration?utm_feeditemid=&utm_device=c&utm_term=how%20to%20use%20github&utm_campaign=GK+Git+GUI+-+Search+(EN)&utm_source=google&utm_medium=ppc&hsa_acc=1130375851&hsa_cam=21404161199&hsa_grp=163169494265&hsa_ad=703541163970&hsa_src=g&hsa_tgt=kwd-298064504153&hsa_kw=how%20to%20use%20github&hsa_mt=b&hsa_net=adwords&hsa_ver=3&gad_source=1&gbraid=0AAAAADeUjDGFA3Hh0rQucYpbgMbGUqVHk&gclid=EAIaIQobChMIz6PDvZDpiQMVZVz_AR3h8iBEEAAYAyAAEgJrp_D_BwE1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd875a46f8,0x7ffd875a4708,0x7ffd875a47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14519876187828818997,11232382975595105165,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6204 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD556a4f78e21616a6e19da57228569489b
SHA121bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b
-
Filesize
152B
MD5e443ee4336fcf13c698b8ab5f3c173d0
SHA19bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA25679e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd
-
Filesize
1KB
MD5db3ae9d390097ccb81aa98305e604dc1
SHA153687d425be53559e77c3aff5ae7edeadc342a12
SHA256a373e2acc00c8ad05079dda59749e84712af06706bed8ddf19ccbe1771cbc39d
SHA5120c8e7e4a767fb9bf5fd670ec33331ee6caf193388c58757b8a4cbbd0dc39c8937f37898a8fcc4eb7cf5f6dff92a1bb06eef7ad00589453954b4fbe927bd11679
-
Filesize
4KB
MD57719199dfd7cb578157d5894399aada0
SHA1a5fc1f8d23e93e206b04ec8500dea572d28b45fb
SHA2564806ff1dc91a7935164f53969feee1f290f1c91bfcdc5a852d19c7a6e547d1c9
SHA5124a09b07e8b93c157ac73d52e61b9756fa2bcf52951fdec05550cd4d9c014c0d385595785600188267502431a188ddc4233a671c57879472caf1d0afe0b8b8f72
-
Filesize
4KB
MD58c87d24e4d8ce69879b501a64791d531
SHA119b50bece5f802e9000bd262c8e2e814805d5a1f
SHA256f59abf2e43afd1dda2609302da8b8cebf217321515c3b39341f09f91d92a76e5
SHA512bbc8897309a5b8992839a449f863440f7ea8c10986d1db00c19a52840c20d8e7aa80ce24192824ea07e2fb8733de684113dbb026a246296175b7e504a256f6ca
-
Filesize
5KB
MD598e57c1cd582c55db549f82dda9736a4
SHA1b6090d8b32f865bcd5ea1ed475d915bb7fc208bc
SHA256b949f2119d5de1a4806a3ce6431e19956d1f14eb32328f8baad1e8d16eb3f193
SHA5125978db8851bee2190fd460fe78832e48c1b38c08f24653a6cac56d2c78698b435a061e4a4a7d4790cb3e0d3e0142c1233883708c6aa19fd9d2825a1f29a8b3c5
-
Filesize
8KB
MD51b4d19831ba8963b24b44e728703473d
SHA1791ea520130a5df58f3464b442d459bfa405c79e
SHA2569180a604f25eb237c35f2444f5f208e8daaa6c9e5a07326ac566fafbebe49204
SHA5120c1c739cf95de4b8c1ed50c3adae33db48488a34de37d110b1b3117380b16a952d8c14f4453ef016791622654437d37b78d3bb7bd3d830533bcaedcbceaff206
-
Filesize
72B
MD5e9170e4cc9c144068c2acb858893230d
SHA1879c74a31164017f768e8f3235dec742ceba2856
SHA2569bad349696561a5f7474eeafa8b2b436db4140e0f143043747a705d7b2b6bfc7
SHA512c097089fa6b8d5a29f52922087e0e496e1d9bea7d74731f7f61378bbd0c150d5335bfaf37b108b5f45397878d532acefc7a13e80c0c286f3ce0c49b8fa4a0b10
-
Filesize
48B
MD5f900bb6ea3585718d7882ed09607e213
SHA121daa2a228c7feaae2bc52187edb15af3f21267a
SHA256e57552c9d25b1ef826dca9d298ca23a4d2252eb8c6abaf355fc28339cec78f56
SHA512a4498f17a03132a4fa8395024d98483d14d4bfb3dcf8940120daaef9b209043dffce96f913947106c8c9be2481f7453f08ca1b7379d6bc3882e9e660a912e930
-
Filesize
1KB
MD5d1ed68056f110c29c8a30d9e0eff69fd
SHA1d7549b467a8f6f55d9f9389ec9cc71163d025e3d
SHA256bce268c41938c82fd1b184e82554ae134b20961198042c167b062768ba1866aa
SHA512c18094e51eefb722b99aabc02b618a052435304e25fac040cad6bfc092c9e50e0c985ccb150105edc7e67be9bb6851307b50a9b829ca8b550bf7a869835e8262
-
Filesize
1KB
MD51965730e9f6850591537e3a802437fda
SHA19b0f2b9cc3737bed617128c0da744408560e7add
SHA256fb5ca2f7644338f819ce69347ebc4497d7ce5660f2bcd4799d5131f71faf0678
SHA512aa0e0026061282ae8c2ddfee1dfb8cd9d9aaada1610fb2a6af9a927f36c25868dd51904aeaad9f66faaae4c0222d3a8ecdf591804e5c3bd70910e32b54d79750
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5d16f8174cfc891a82dc220562927b1b7
SHA12ca48f983ee8ebc7973770f96d816c90e4ba5d0a
SHA2569517c07dee69b32dcbc97d3d61b3a0fa6ea7c88c4d0b9afdfa2e6bbbe6b74171
SHA512dc9f2d067f88bc292349ce24143f933d5e6c0f59c326a8a8c7796b4480ed959781427eb73b8a992ed4876768090402441453a247e4f9939a0652aa7a25a99e0b