hxxps://ecard50[.]ru/e

Analysis

max time kernel
0s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 10:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ecard50.ru/e

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 3288	2228	msedge.exe	82
PID 2228 wrote to memory of 3288	2228	msedge.exe	82
PID 2228 wrote to memory of 4288	2228	msedge.exe	83
PID 2228 wrote to memory of 4288	2228	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://ecard50.ru/e
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8e1646f8,0x7ffc8e164708,0x7ffc8e164718
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,2604987843758217223,11448651900881638885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,2604987843758217223,11448651900881638885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,2604987843758217223,11448651900881638885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,2604987843758217223,11448651900881638885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,2604987843758217223,11448651900881638885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,2604987843758217223,11448651900881638885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,2604987843758217223,11448651900881638885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,2604987843758217223,11448651900881638885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,2604987843758217223,11448651900881638885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,2604987843758217223,11448651900881638885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,2604987843758217223,11448651900881638885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,2604987843758217223,11448651900881638885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,2604987843758217223,11448651900881638885,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
fd8f9f178779b0372c10e7f46d80db38

SHA1
929a30f6da81f956ae8159626f0deaa7e4e69bc9

SHA256
c6019c6ad97e8242dac39f8d5f97a6023a06c8d2737879433bb22604e6e75833

SHA512
ae0ab0ce608929eea41967a1aef18d4d82095171b6de50dc928ae82ba787dfa4a64db43b842326043c51383068ac1cfac87062e360c501b02b1425940fbab8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
178B

MD5
c1df40f8687e817f875cb26563bbbe47

SHA1
3e3849c05ce79959c3af900c8b9a14f6049d30b6

SHA256
cc2ae4c2e528120eb457a07e7a18b920f2f8de250f1167370afe4213d231deec

SHA512
931cc2f5f96217c4fc1aab192a87bab26018dbf96eb74c65deee46bd22cdd80ed98dc9782122a289cdff05ffe77495bb328be8ee0c5c4e3cc046d24867cb6415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
178B

MD5
d5a2cc0afb87f0f860663da34db915c3

SHA1
3cd37404429bb110380c55643a343c75d4657038

SHA256
95af428083c3036720a107f0f99391d0672a3c8befc8575aa244588016c31eda

SHA512
ce720019cea2db64aa66546567561004c35a1f14d1a4430f034f3143947d4fc6fe7727dd37198c9ff46dcd0ce8f19cbbb735671dbd99fcbbc6b1fbd8b00e6884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7198484faaf046b2450c819adcbd8b58

SHA1
67d94684fc9c2130d1008de0d6796d9c58ce9ad3

SHA256
92e437d229310e65d285d394aef74c19872c3cac1475a85445c1f022cc9f8d1f

SHA512
9d95f0d2aad16e673a918387dc00679c5d8415ea84fc845014b55ad93a05a45eefa94d16fa164027a9604d56e06ca5e10118c273ec29951d993071ffe6a8b4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2142060b8fa879775e4e9860cf7ae82a

SHA1
b154848f9fc68b8066ce1425fcb0891b45300640

SHA256
08850cccc0b987509ac6bdd9ab8a8e86d10f6e0692b9660621e66480b7b983c3

SHA512
16c86fcfe4be5bd264e8ecf1380d2162d55f48ec77f115baf4ab3010f87dfe27648163646f970cd3842ee187164a6dc9db828944e77285726efddb9aea93b4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55a9b7ec576a5e09876439cda864a62f

SHA1
d9e90603979cc2034aaaea82720edfa3ec128fc1

SHA256
ac8047af715b57aef947bf9742a623840b5408a87514398b27226b3e4cc0fbb6

SHA512
8e218aa40b3903be0d6871ed3d68477f767aa310a2c620ab6c24181e747590dbf7e24f467a61966a6361deedd7bd5b370ccfa5c1861c0dfcdaf671ce7401cd8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
1eb40cc5c468fff9152fcf0238575d37

SHA1
c946a76ed4c4767cbddade74272389577fce5503

SHA256
0722028dac8ed7fb22cd7ca8b75426df5a84855371374ddcfb383f0d0cec12b5

SHA512
d65ee1c760c7f7d4327ff436bbd9edf7579761784b45c3d54a5d2796b9a339568bd550c97e7bd127b65d16912509fcd5926af44e4d9feb1d0dca0bbc6e6324bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
03ad273ff256ba3ffea21852b0334cc4

SHA1
35b70a62dc33a10c66e575df4deaf841fe885501

SHA256
3fa433789932515827e8c0c1fb3c2f3d14d8eb8a21d94052dc7d9b2aee180a10

SHA512
ab5cc29db8fd66e0240d9360ece6d8fa5d9bedd796f0e67c54307909c912b02189e76727c7fc03183fe2bb3737cf2f00ee4e17cc0061f775e6a8481c77bdef75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599764.TMP

Filesize
203B

MD5
cda36d10258032f77081e93b7758e56a

SHA1
4669f07a7fdd82fe964de7bbe1a793bcbcb912f4

SHA256
389dbe38f4a87b62b84582504c4a1278dbc25650e207c7ca641658974d63ece0

SHA512
da57c6c920c2e07ac0e3bb99872384e8cd223b81b4265992bdb950078ea883b93871a87c58d33bce70dafd60285d0240f5b88f8faf679b16da4bf0bd3e11d50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
134804324a84d102fb7a310492a1cb5e

SHA1
fd6b0cb765406368f55e264bedffe7adf446ca10

SHA256
b6ec5e545e5640a4563e2ce54fa3b6eed173403baa34bf0cb38817985c8d075d

SHA512
4c4ba4e342dd989960a9cad22cdf1e5c6fbfa738175731a83e20ddd681624d6c792f1cd08062607fd12a05853e320ab9fbf507d735afe8fb0dd29619c8d011d6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads