Analysis
-
max time kernel
105s -
max time network
107s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
13-12-2024 11:52
General
-
Target
Best Free NSFW 🥵 server (NSFW🔞, Snapchat🍑, TikTok🔥, OnlyFans💦, and Sex call👄) @here @everyone.pyc
-
Size
373B
-
MD5
d93b1caedd73bed4ab4b1dc4fd340626
-
SHA1
ff9203080661c5b0d2c86f7e9f4ecd52834ae9f7
-
SHA256
246b12a982f1c72b3d163008bc3cf96a63cb6e90ad9c9530e4fb5abebd447f75
-
SHA512
1c0eeba3a7685ff4a3e123db0d4028449b0f2030172a510cb4870745273a398466f6fb6d5bf2ce8f902da8907ff2f4a132c81e6211c3c3fc563559347a328fad
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: [email protected]
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Best Free NSFW 🥵 server (NSFW🔞, Snapchat🍑, TikTok🔥, OnlyFans💦, and Sex call👄) @here @everyone.pyc"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff70953cb8,0x7fff70953cc8,0x7fff70953cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,17520689989008185531,11924425942914090959,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e1544690d41d950f9c1358068301cfb5
SHA1ae3ff81363fcbe33c419e49cabef61fb6837bffa
SHA25653d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724
SHA5121e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da
-
Filesize
152B
MD59314124f4f0ad9f845a0d7906fd8dfd8
SHA10d4f67fb1a11453551514f230941bdd7ef95693c
SHA256cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e
SHA51287b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85
-
Filesize
1KB
MD528f8470290cd520554316ae1c9d9bf06
SHA1b42006a303d74d723454d54372a8077028808626
SHA25623ec41aebd2be43505d691804652235b9afa428bd7dcab26b8c71c52e1e19a05
SHA512092c6d46038556a4b0fd0a7861703868649c186e720e686510c20cf9913e36dbf9e16d538715a3f2036c51f7113a76f81bd061de1266affca8403c14627c9c7f
-
Filesize
2KB
MD50f762785fd98a1ebca48d2d0a1d1faba
SHA1581730f957b59572eb5a61a0b49666046a080c4b
SHA25612d67327c04d124ebde199333c77ddd4c547d0ae502021468702d6fcd44a7f43
SHA512632517d03e22b50d4d414bfd07f41bb40c03712a88b2d15c7013ada33235624205b6f932df69cde4f5311bc1a0a76c5673649201532e5fd4e09a5bd6e02ed6e6
-
Filesize
7KB
MD5610af35b8e6b8f3fbea04d530efb8c03
SHA1a86f8341a49a4286dc707625f0d18572219e0170
SHA256e6c6dd6b480f6947d3587d7fcbccdc15bfb8beeb46f870f8fb76763cc2ed0d52
SHA5129fbf78d87a8da2bfbd5aa74d01c316ca29668ced019769fbc98da5ee1554a299f2e130842b29301f8001ed4e7020f51eb3943f0bc625c0d2d628c706a99eb1fa
-
Filesize
5KB
MD5d31be2ab1aa0558a502f51f4f7e58eb8
SHA1b04312f2e30c0a9c9fc1c71b680e1133465e838a
SHA25675bc9a48f04b43761a6141aaf75646d8367d0b0d26164af72facc58b2c89e3de
SHA512bc682bd3edee3a0385e810b4e7963366c832b44b852bcf3561a13e3116e2aa87d2ae801ca4c4820b36a596d561a3ddd3fcc308237f0a5110592c75d78ab6595a
-
Filesize
5KB
MD57bd7c460bcae21174c5b427736d3b879
SHA12a966ee03158731f58b653cfd813cc3422212e77
SHA25608a8c7a88cbf27b37c2a17f78c14b477aee222ba9b81caf79f4c5c64c814e499
SHA5127bc2cda005b4782bb3734c0158f3515b5ce175e9f9334f9abece1c9ae2420f2253d641cf10fb9bb45ba6a364bbe55891198629ab11eea96e32ecb67f138974f1
-
Filesize
7KB
MD5faaa532c04a2bdd67ebb09c9795ba94c
SHA1306013b72d638dd7b763ea2531f123151b75a8e9
SHA256c9329274b1900933505f9f1f0b52712020c04a2cc2bb40a18c338a02f9af4ae1
SHA5120b23b2f688924c535464db56d0a646e724c9f0db8ac7b208438cc2956311ba45d8fef354bb64fe9995795238c4a6e7bd0a5a34184a3a74f3e371bdd46bdce7b9
-
Filesize
1KB
MD520abf5d0151b91e3c77cdb2ef6c4096f
SHA1ff97d7e713f8a80b799031671ca0967b6eb313a9
SHA256468ee69b8ac3954fd4d94728363a4af4ed33c4d9f23d83c4d8cd2b19a929aa11
SHA5122c616a25e77440492ea4c1ca41c9df85c79072472c29652304ea68ebdc44bf0c49a73a225453e06092e5982e17ad3cd2c018b43766d9fb6b8bc46092e59607cd
-
Filesize
706B
MD5a3b0596da067c19a438f88c34b0095af
SHA134cd2f006c75385104c41c4b5f244dd550a923be
SHA2566fd058e7cdcf4b295c0f90d8f9efbfef83412bd3c14beacb88867d0b5e7279cf
SHA512b03ac9328d1add637042f1b6c908d6c60c77b0498a8e8871e58c685ab4463ad75eebc83daedb029e7b112b87c47e9ecc7a7e98ce5454531ea5c75c618f0574cf
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD555c86f7e059616741e978929c47901f0
SHA1cb52cc7a20236f8b2bbd47528e42fe5454c2191b
SHA2560cdda58f73dc23e7295c4533f2d6d46ac25a37e772afc6ab66cd3f9faade271f
SHA512f77f14765a8e5b5fb8e4325da6190d164cc2c29d8eeef49ab7802fd93029c963c508a175f80d30a82e127f5c03b7855e345b3ccfd64ecc16de84682c7096da15
-
Filesize
10KB
MD5139b74ad5c2addc552c3fe0c0ac1d781
SHA1b8e0860170b292a76ac82412c981fc08d5742ba2
SHA2569982c2e2f7a4b8486ce4808d25e4ee22b5360308f8f0b0729b98953ad9fe1e47
SHA5126ff5423d63601c912db9aa9fa4959eab4cd590e756def3863a8dae42114715812213d1caf38d8aaccb2580cf18edb4cb3d8eb8b6c3a010c02467b48b974057a3