Overview

overview

5

Static

static

1

URLScan

urlscan

1

https://google.dz/ur...

windows10-2004-x64

5

Analysis

  • max time kernel
    112s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-12-2024 08:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://google.dz/url?q=tjiypJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fhandlingservice.com.br%2fyoya/mjhb/a2FqYS50ZXJsaWthckBkb21vLm9yZw==%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A

Score
5/10
microsoftdiscoveryphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand MICROSOFT.
    phishingmicrosoft
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://google.dz/url?q=tjiypJLi6z3yh&rct=tTPvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s%2fhandlingservice.com.br%2fyoya/mjhb/a2FqYS50ZXJsaWthckBkb21vLm9yZw==%C3%A3%E2%82%AC%E2%80%9A$$$%C3%A3%E2%82%AC%E2%80%9A
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4152
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff697146f8,0x7fff69714708,0x7fff69714718
      2⤵
        PID:3996
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
        2⤵
          PID:2360
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1944
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
          2⤵
            PID:5020
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
            2⤵
              PID:3572
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
              2⤵
                PID:2788
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
                2⤵
                  PID:3544
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
                  2⤵
                    PID:3372
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3728
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                    2⤵
                      PID:428
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
                      2⤵
                        PID:3576
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
                        2⤵
                          PID:3468
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
                          2⤵
                            PID:1524
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
                            2⤵
                              PID:2616
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,16080130029655220741,3038658950385744754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
                              2⤵
                                PID:3580
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:1744
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:668

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  0a9dc42e4013fc47438e96d24beb8eff

                                  SHA1

                                  806ab26d7eae031a58484188a7eb1adab06457fc

                                  SHA256

                                  58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

                                  SHA512

                                  868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  61cef8e38cd95bf003f5fdd1dc37dae1

                                  SHA1

                                  11f2f79ecb349344c143eea9a0fed41891a3467f

                                  SHA256

                                  ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

                                  SHA512

                                  6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
                                  Filesize

                                  215KB

                                  MD5

                                  2be38925751dc3580e84c3af3a87f98d

                                  SHA1

                                  8a390d24e6588bef5da1d3db713784c11ca58921

                                  SHA256

                                  1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

                                  SHA512

                                  1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  240B

                                  MD5

                                  44e8be21089146aed9117e6efcf356a7

                                  SHA1

                                  3d6628f30bd182175e069e8de407d74de391f107

                                  SHA256

                                  1682edcc5136b82144398c6219317a68b36784020686960035bfc35f293e621a

                                  SHA512

                                  d7c2c0f1b758623c23fd5d21f1917056ec20a35c77c163d2eebae8cb001ce86742b102840d854ec222975a5b5bb6756ce4ff5a70fced5f0a50a6942b437b45f0

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  120B

                                  MD5

                                  f4cba91e08b42685549c3c72a3ea2c7f

                                  SHA1

                                  46b9c79c76f88ecffd455342e9ede34d74ffc031

                                  SHA256

                                  0403a99619f13073a36ca9e184152a4fae28bea3f6729199ab4219f9ff4adeac

                                  SHA512

                                  5b6f60100a76dae71c2076d30b0b2e10af910caa7de8eef2a2206c28aa2b4efbf0eac8c3be4fc6cf636968100add4785c5a03f94f1764622d106c65a02cd6c00

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  1KB

                                  MD5

                                  9a8fb0c21b8961e9383363500329f652

                                  SHA1

                                  8aac704391943d797ba4d712a86d153132300c6e

                                  SHA256

                                  061ec220e8bed9eeb3326c4d31b71ed646730439f0e4443bf2d11339bc11c262

                                  SHA512

                                  e991b778fca14bc4cef98c73d4bec3ac29bfec7c5dfcbbb29c1bab3e8c7fac4c023ddeda8a9864ff7432b308f93b29d6fb366087dcdbab46e849acba76923c1e

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  237d75ee5c69c84a81d6debe095d3f77

                                  SHA1

                                  3ef53f654acb0b3dc167213a4c16f40eeea32281

                                  SHA256

                                  72c4139c0861e7f67a6126c62447c4851b4268e15906a5029db4fb901181f994

                                  SHA512

                                  0a37a14053cd793e6eaa3eb1e13c9b9afacabba4d4b8797dda433ad0bea0fef91894901b1f9eb767fb8fc6f825c55dc214e2c4acd0016f78758557659b0f5e0d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  7KB

                                  MD5

                                  2d1276d4e852556880e10ad431ae0ac9

                                  SHA1

                                  8cd57b1c632318ad946fc98bcdd21b4fadab058b

                                  SHA256

                                  d44a29d65127048a98eba0947f0760c3da69b05aec553ae9a616a0db64a37491

                                  SHA512

                                  cf705ae0d82c7327e8c4285bdfcb5d5aa947304fa54fe4b8e1bd31d8d33e4a0781e9564b68a004380a20d3e17463374fbdc1fe1f1069237f891516ac44e2d000

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  7KB

                                  MD5

                                  3e86c9dd9631e19d8832507c744f77ea

                                  SHA1

                                  3a713728e8e4c1428cdf6454a580f9111cf1199c

                                  SHA256

                                  9de0ba2a8f558bb438c4ae03302404adfb7e58ad45489458ad62ebb21350b5c2

                                  SHA512

                                  eeaf4e4bd76bcfc8f9d7a2c2e3c154ae58f77afcd33411977821b4f98d5f59bcaaca88e26b4e68010c736945a8ad8aff3080a6e4473351e254f08e46e6fcd38c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                  Filesize

                                  204B

                                  MD5

                                  c91063d847ca55459f76b1df18eaa2d2

                                  SHA1

                                  7622451626530a84e20428a7b29e0aa79e32d5bf

                                  SHA256

                                  b52eabb564fcf564f17c2f29fb5d0fd3e5a25eea98752406c8ed5b1822bb145e

                                  SHA512

                                  a71ab5ac41333d11aedac40ed11e15964fd474a0b34aa49bc07ecba9df6852c9225f84ceedc931feed96143f951f03deff9e2517e98784f805b763a0cf0f937b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581623.TMP
                                  Filesize

                                  204B

                                  MD5

                                  1b9042e7ff5fff1e6c1d3bce3b5c41f4

                                  SHA1

                                  c50488f601961bbabe911ff8b0b82d1115042def

                                  SHA256

                                  f080f4f3c724c0dd25027cdfa41deb19525a86dfc7be478fc7f5101510d0b211

                                  SHA512

                                  b8e83e4ba88c2b06665608ca29f2d1a1e46ba8f889293e09378de3dae80329cad00c5b4ae3407a85e3826768e4a03fb0cf544319de6d9130fb558eb223decf6c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f983773d-ebc2-4281-a6b6-f132b81f8346.tmp
                                  Filesize

                                  5KB

                                  MD5

                                  f60defc8add4ad34ab4c82130d1d423e

                                  SHA1

                                  1d8ccef314f109c68e6af71996daf4d08aabc347

                                  SHA256

                                  c124962e549eb4076101f46da576b953ce605618322a365a6560028a51f6f73a

                                  SHA512

                                  102d8bfddadfd4fcd0d54528dfe248c6f33c0a0ed9889da4db4c9ab571d1a45b225a62f5852f21bca5056dbcda368c21003c2f41de2d249cbe509b707a92a18b

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  10KB

                                  MD5

                                  94dfc9dbc41a069abcc335c173848200

                                  SHA1

                                  f56f53c0b761b792e950c85a01a0f40716acfce7

                                  SHA256

                                  2ef7877a0c6095c576485333dcc4d5b173b11d885a4f80f8d838497e862f6c2c

                                  SHA512

                                  9228c90b3f5f16d3a25b8cbe4a8e72fe98e96476ae34692ddad929dc55dd3e9d4ea1de959becbc7a8a7211e326f65b81cf0cd111b68d823ebb12186fa44e4827

                                  Download Submit