Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-12-2024 15:48

General

  • Target

    https://drive.google.com/file/d/1XyQo3pHBhE6PunS47pJLCwyQTpBFNnuj/view?usp=drive_web

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1XyQo3pHBhE6PunS47pJLCwyQTpBFNnuj/view?usp=drive_web
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:520
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b18146f8,0x7ff9b1814708,0x7ff9b1814718
      2⤵
        PID:3112
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16920776444093304359,4745447916545674060,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
        2⤵
          PID:4000
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,16920776444093304359,4745447916545674060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4700
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,16920776444093304359,4745447916545674060,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
          2⤵
            PID:4112
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16920776444093304359,4745447916545674060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
            2⤵
              PID:4720
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16920776444093304359,4745447916545674060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
              2⤵
                PID:4508
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16920776444093304359,4745447916545674060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
                2⤵
                  PID:4596
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:4260
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:1412

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                    Filesize

                    152B

                    MD5

                    e55832d7cd7e868a2c087c4c73678018

                    SHA1

                    ed7a2f6d6437e907218ffba9128802eaf414a0eb

                    SHA256

                    a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

                    SHA512

                    897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                    Filesize

                    152B

                    MD5

                    c2d9eeb3fdd75834f0ac3f9767de8d6f

                    SHA1

                    4d16a7e82190f8490a00008bd53d85fb92e379b0

                    SHA256

                    1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

                    SHA512

                    d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\52fd7adc-e2c2-44c1-9712-5f41f135102a.tmp

                    Filesize

                    5KB

                    MD5

                    292a77fe8a98c370900202161b53e5ea

                    SHA1

                    824ab01bd414a8ce823094bd3be6b3e8881b60ce

                    SHA256

                    fba9e76a04a09e20efa658f6911c66edcbd9f2e0a0c34913c1679cab6c6b61a8

                    SHA512

                    a792c5bb3989b97604c78ef86289772283e34f2b84de4a5de11902370ca2ea88acc1d9a307c3cd59d650b179351c789c108fe8642416d79e65dc5ebca2e0660e

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                    Filesize

                    432B

                    MD5

                    6d81b6a5294500a48749afcaf1694c13

                    SHA1

                    c0c61a272150c332cafa3225357fe7317c443dd7

                    SHA256

                    435b3f281ab7a0c6699314c70a8e8ac88107491d1fdbe6add53a4df1319f8241

                    SHA512

                    67b0e16e35dfd6351ab6ede99020d94d1a57fd6588f708c70722c742e7e40d87e51d9eb6b30714d51702fb2652fea7bf07d36c4c29f907359de8a171b3da8afe

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                    Filesize

                    3KB

                    MD5

                    032c0427a30a71e61cb2818d193b2635

                    SHA1

                    d5a5917ef0a54ad47750b475c4e4f37b81dcf105

                    SHA256

                    c12d6a9e3e31a2cf143bd8432cc60e95e0c550d17db266b4cd97184ef759880d

                    SHA512

                    4330923eefa86f896cfc5214c8ce0a5ae5fd84d4c19b51cd29b429a4c426a8e57d9738c5463ca96e0990de50337c47b27b60187610257bb08d68cc15294495a6

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                    Filesize

                    6KB

                    MD5

                    cccf56c1d3bb1fb1720207027cedcf42

                    SHA1

                    536619f2ec0a3d7680b6da47521ad03e011686c4

                    SHA256

                    04d60d2d0ba5945d10d9253f625fb74bbb50a9214f7988336a4f72e2af939df6

                    SHA512

                    17783307afda9c9732bba0abb2b38db99f45ccf8d018bc4d8db142eeff84cd2b9e4872ab869435fdec2ed117e7988e8e26482a0c7ff9490263dff563c047f4d4

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                    Filesize

                    10KB

                    MD5

                    85e032d8db4a70a168a56f4773544bbb

                    SHA1

                    3b8ef366f0341f350ebd8b71ca88c62c4a37e9d9

                    SHA256

                    b203a857f91f8feecb59736632d2966372e53f9a91695e35fb4cb7531716c0dd

                    SHA512

                    af3812faae1ab3ccc8d58e3b459586daa54fc8f1d930b6ac1506b8d3213b6731252d1fe58b73053816f05d3c454169ff886f63c5096689c2ef0e81e440cb9d89