Analysis
-
max time kernel
51s -
max time network
53s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-es -
resource tags
-
submitted
21-11-2024 12:18
General
-
Target
https://d2ncjh04.na1.hubspotlinks.com/Ctc/OR+113/d2nCjh04/VW1G4T74XycJW6nMLFQ6kVwnlW3QbRmh5nFLbzN6D7jXj5nXHsW5BWr2F6lZ3lGW2LBwn533bmPcW3pWVZr5y62VrMtVPgrBYNhDW36dY-d33j0PyVLfMmF9g8-PRW4Q2c-W935M23W31M1G86Q34rgW1Tm50Q1Bkr1tW67th5t79s_7CW98PBlR6FHyssW4htGz05nRfLJW3Nv5rZ6RR9Z7W7V0XTj7wYxfDW4QyRrh13YHcmW4FXMF87PgXDvW7vMTvS2GrTCMVRVfv82361PrW2jyF851B_5BpW7NFlPr8C3xCVW110jJh6Rs5P9W5NlFKd2fy5CSW7q57lW2gBzQKW8SG5sg9l-4_fW96Sb1T7gwFrPW6Pv8DN987k0_W2nC9Pw2DryctW5RkyVv8C6fwxW7h53kg1c66GVW8-Kgpx6vGg4lW2FKGlp2d8KVrW46yd9k2NM-yFW92gVWv5DqyXvW3HnQDK47nFPXW3dbQ-F13pljcf2wc5vs04
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: aos@next
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: lottie-player@latest
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://d2ncjh04.na1.hubspotlinks.com/Ctc/OR+113/d2nCjh04/VW1G4T74XycJW6nMLFQ6kVwnlW3QbRmh5nFLbzN6D7jXj5nXHsW5BWr2F6lZ3lGW2LBwn533bmPcW3pWVZr5y62VrMtVPgrBYNhDW36dY-d33j0PyVLfMmF9g8-PRW4Q2c-W935M23W31M1G86Q34rgW1Tm50Q1Bkr1tW67th5t79s_7CW98PBlR6FHyssW4htGz05nRfLJW3Nv5rZ6RR9Z7W7V0XTj7wYxfDW4QyRrh13YHcmW4FXMF87PgXDvW7vMTvS2GrTCMVRVfv82361PrW2jyF851B_5BpW7NFlPr8C3xCVW110jJh6Rs5P9W5NlFKd2fy5CSW7q57lW2gBzQKW8SG5sg9l-4_fW96Sb1T7gwFrPW6Pv8DN987k0_W2nC9Pw2DryctW5RkyVv8C6fwxW7h53kg1c66GVW8-Kgpx6vGg4lW2FKGlp2d8KVrW46yd9k2NM-yFW92gVWv5DqyXvW3HnQDK47nFPXW3dbQ-F13pljcf2wc5vs041⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa9ae46f8,0x7ffaa9ae4708,0x7ffaa9ae47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=4928 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5079385385110555141,17690097273578196649,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD556a4f78e21616a6e19da57228569489b
SHA121bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b
-
Filesize
152B
MD5e443ee4336fcf13c698b8ab5f3c173d0
SHA19bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA25679e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd
-
Filesize
78KB
MD539cfd8daf0ec0da7eb2c60cf2fda6175
SHA10fc4272fdb5842e2ed54827cd2e32798d02b097e
SHA25611a8dcbae3c91cc4d51bb6377b371abd8062cd113a8a3bb372951542ed9bcb9e
SHA512765c210ddcffed8427ab152b0f184c0700014da669bd167d69ee95fd25044ef90bad32465db4b2afd8ba7eda36f3d1f6dcce5d2b0c58fb4428e6f394b5dc8c36
-
Filesize
216KB
MD58cbc1ee690a52c480e710597d661acf2
SHA1f2ce7893ba9f154625882dd945dd246a45895eaa
SHA256bfe91cbda3eb74e31bffe705cfb28a9f00216152269cae42463009c2c5ec82b2
SHA5126f75ede2c4cd811c436e554574d392e1af2041bec1a5d36e248d29d3b7af6af1c8ecf9dd9f7fb000d8c6a4727884ed4e50e376643ed75e6dd4afb211c0fc5086
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
393B
MD50e4395458f5e77cf492584481d6d3bec
SHA1f075283178f39fdf713193ff42b4d1513ff3dc76
SHA25627b733e839180a79909781768b2bb64b101df350b2e3c3014c35bc26b1222db5
SHA51233d69123b5aada414cd1c4c37550282430c55aad0233636c20ea118c81926d55fbf8a8c7b8ebae4ee116ffe9f6b3c85fc1697299691acd4e6112400e8e21c621
-
Filesize
353B
MD58e638b240ceb5cb6375996e8a9eda5e6
SHA17ea0045a5643f4a6e119c5ea78d5cedc6cf4bd4c
SHA256c7f3ebdd4aee082ff27565be26aabf765c31422a1c5771812b2c79c6dd848217
SHA5128bd3e3a196ad193c7a0ac4912388331315ed1f033c57798e86646bc6e9545edb3bfb243014998aa86d7405ca3581535b518d11ad2cb25a66caf67dbf0db3f3d2
-
Filesize
23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
5KB
MD52c7eb271c20c659afb67ac94d183ad5a
SHA16518cf6b2b326f1772ab51923ab6b805e23309bd
SHA2566aebea00cbc1eaab3fdc13ade5d766b48f40bad185ed4df26a921d510045317b
SHA51216ee995158544c8a2c395ac083e0c70c65056714405037a506d6612a9d275bda0de4a5d87f390c148e9137a9a705000ba372e58bb7384fdb7baed2be13e735ea
-
Filesize
8KB
MD59f4722fb48da88b5958d740aff32e3ff
SHA13626871a453e6fe4e9a6a4701d3ea0648507f77a
SHA256a51f2d79d580336fb198b06ce79f12059ee635c80a71f5032be751b94b7db898
SHA51244ea1fd6ef1d8d1ab78edeeaa5aeccec2c186d64e0624341f2ba5f0108ec6f0038db7d435fc473588d8d7baf5acc7d6f48c7f1f946b695131ee19bf27fb3a576
-
Filesize
8KB
MD59ac205af67593da8b080dbffb029a688
SHA172980afb0c356c40430d4813f4aed102cba55225
SHA25625229a6a2b76c9fb72418d57c6c66b843fa0df6d5912d15a268dcfe493af6c01
SHA512b5b63f09929b0ef89cc07c454ea3f7646c143994541c49db487dda8b150aa24dda6bf048ac6cd4f5a2447d820cd0c0dceb09fbdfed1ec63e2d2fbeb00477757b
-
Filesize
8KB
MD5fab2bd5c0976e9b7f3f9e9e9aab457c9
SHA1ab7837809edee2b30d860b88ce6c3e91a881907a
SHA2563f67760f879d3a608dab63fbca56bcb82a306cdc6444b2f32bb668cbe4d50d9b
SHA51226a2015b06974e5308f4208c07e693a395faffb408fd204fbc7c6c8458aee8501fdaa968e82c9241c8c4906426011cf76b34a45b86f223d914d30a6b70e3a6be
-
Filesize
8KB
MD5ac90a5cbf563024a168f8f6d06eec41f
SHA1922f346701d405bf348f9834e47ab5c016638914
SHA256d692c97bcc32940c3ef00c81c713e285029d2b08f9ad1df9fbe760a44d595e91
SHA51265deab4dd47948700d33951364604346d7a93ec59c502cdc89cfe45f9c77cb4428908f4ad394a722cc570668218fb213b6d3ad69d503cb0db1d938b976c6d4cb
-
Filesize
72B
MD5581b88ac3e28526f3f978452e81d831e
SHA1dc6282a3b4e9feb1a0bca48579a67408cbb39298
SHA25609766fb497080358f6e27aa96ecc78e13243b5dedb3ce859d6e94dce1603cceb
SHA512545dd294cf446ec70a28e0b9956d972479b276cee9a773c175e278784aa9423514f6bc106c47920c119d45e50c4240c6a740678657cb76a12809cd2665b5db37
-
Filesize
48B
MD536b358d857a6427f46e8a906bea7856d
SHA1da7984ef4476947fe631cb85a8b8ba408f06de8c
SHA256b7b033647cbf9c3d5aec36b90d41569685fdc6bab2094cbac2decc9bb3874269
SHA5128aad1955ac3a15da72e15af443c335576673e87c21aefda503b5cf8cb2f9f9fe94243318612123d453d1601b48b18e967f5336ecd331aa45e92b49f152b62d46
-
Filesize
2KB
MD54704556b4374a1ca06402ab416c458d9
SHA1570e2b751f59d890e51284d55b6f7ce9250be21c
SHA25644ed4b0eefb78cda36bbe32544582add4425a66af33edc114782f0aee129cf91
SHA512dcafc1e6633efc129c96d06435865fb55c9e766d26a24c3ced397c92191c6fc6b0759610793ebe3716cf864b69425d9e75ed694f32bc229f2741badd98f86138
-
Filesize
2KB
MD545351852084632e4d6ce6b626ad9778b
SHA10f24fc39b7c34e78d138ac1e738e8ddbca0c1f21
SHA256490071e20852c77cb712ee40698491a007b5d8ba6a7b05e892993d059c22b016
SHA512c482020a496048dfd8f4be51ac83694c6e3dfa41beafb675b6fa6b56044f4b9d1c2228dea339839f2b8823681aceabb168b60bda2aa4581f55f1fa5e5503f587
-
Filesize
2KB
MD5d00e82a57b8fe34eb1f39d518e787fd9
SHA190e915154a8539b2cd76609204a2bed213e09003
SHA2569549fe861025709b82654b6c82992babf477b1a09911081477a9426afe3cb6aa
SHA51208d408250c1ec06759049410201bcd373f0fa4ce6f64b0f9a604a45e4f77cb450a55705176fd9d54688e46925fd027c14fe8714b2be7abcc54fa1d1ecd7053f2
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD557aa78520f01784556ea4ca9162dbf1c
SHA164ab647345d04c5d88e67ad8de9fa0e8fcf51d26
SHA2562e10078367f1e6ab2cf4dedb603acb7a68e34499a98e3ad4041d82a3fdb83f72
SHA512af049954e7b972789d22b5d6da534dff9800bf2fd666ecff524042a81e740fb2f4211992c6188af669bb0fbcc5300eddfd64935f546c8ad8769c58c541f7d534
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e