Analysis
-
max time kernel
145s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
18-12-2024 19:30
General
-
Target
https://fromsmash.com/Order-confirmation-263459435-for-PO-424851
Malware Config
Signatures
-
Detected potential entity reuse from brand MICROSOFT.
-
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of FindShellTrayWindow 33 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://fromsmash.com/Order-confirmation-263459435-for-PO-4248511⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e847182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3328 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=4056 /prefetch:62⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7622507666795771800,15621705961276870392,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7100 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5bffcefacce25cd03f3d5c9446ddb903d
SHA18923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA25623e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7
-
Filesize
152B
MD5d22073dea53e79d9b824f27ac5e9813e
SHA16d8a7281241248431a1571e6ddc55798b01fa961
SHA25686713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA51297152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413
-
Filesize
816B
MD5cecfc47b5e65118e5655a832f46410cc
SHA18c0c2899c8f95d1b37c3f9c141ea3c4ac1da4a2b
SHA2560319c19a9b26a13274cc6c1c79dad504e7cdb77cdf94bb33e638a29239d78fc1
SHA512803d729dd4ab58256f191bba1f6d7bf6d84b8841dd9b8721389ec9a5270e9d7586a065fcbac79bd904483eda2aa0188549ad7e56239f633beffa651e77f537e0
-
Filesize
624B
MD54d292b6ed37c91a9b0afa3311cc47cf9
SHA1fb6c5f6f478008bd0a7617ddf6c1cbc9e243760f
SHA256e665f1c70c133d8b62b2be1d34709a5e60707ed9fafb389ed568e1324ad639a7
SHA512093efa879296ca5e3d0897e3e9eb84452a4a0e1cbcc257b1a081db134b24c388e23bc39e87b1eabf1328f34f6939f82ba10c7f068cc0e50a18fbb63c8bc400b9
-
Filesize
720B
MD57123021482f5a2e72216026af8619684
SHA16282be753252eca31e572dec403558fb4621163b
SHA2566de0d7395577e05c7475df5e8411c38739ddf80d0e3a6e1ca317db34601a085d
SHA5125481be50d23a51f47b585da952393af1130eb22c0233364d63e188dcec7f322d1aaebece0ff2e6115cb556c423e80c61d008cd5afbaf45324dfec70bced228fe
-
Filesize
2KB
MD5e9afeca4c10400bb4f1357b5fc630a45
SHA1d3bd7834b6f1bb1493150fe8016e4588eef6939c
SHA2568c2c02a784efe934ee0594bdd0f59edd36262321c5b8c75e00201e3950f14ddd
SHA512c730f50799f4e1fb548e377b9bb6a58fdff74d09bd16291c8b036d7774c4a29dc26157e530ea0a0362d3a26688d01787aace4f0712d97c5efb7dda07506857bb
-
Filesize
7KB
MD5c31fa514405ad3ec30092dc9d87023d8
SHA19555bdaa31ecdd58c4191cf41fe46ff442e980b7
SHA256bcc6cd2b30ffbcd83677e6231f3bc8d2d8e9edc27493e8e8bdc35dc2a400f589
SHA5128e45f123ea5e80e122b3e7b3d6e1ab705772d141cdc53e781c809d99537c169f17a16d9d783f0b1c58eb94c3a3fd9d5490c83edb67cf63e22b21d4afd92267ce
-
Filesize
7KB
MD55fd8f2a9203d95c0e49dde32de91e442
SHA1ce55458db1e40ba37980554b32ce78101da27862
SHA256ef7c1d2f4a6f5aa7491fee47494da5132e22b95fe2157b919c64047938f4fe27
SHA512688a4a7ec689ee592583679b1478ebb366b39404a14d8dabfd20122acd2b404c35cf05988a3cc7ff1c2a114b17549116d2dfde82a9eebd4e308d02a2c9308b18
-
Filesize
7KB
MD5c9703308c71be0a8d606488e3ab7de5d
SHA16f51686e4266b039e8635a1ff1a8d9112b3b7d7c
SHA256a084f405ab403cbf32fc127f49fe4e8021c96810a6e2300a25406bd9f5866a5e
SHA51257792117a62185a07bff7c9786f2f276420e68098fef25bea038e8c45abb3864090a0fe0b6b87d516df534d16b56147e9d52eacd974b06f948932f057d419479
-
Filesize
5KB
MD55a6e6ebcce26f1b392b378b9e41fde8d
SHA100b99e61d4990e237b3dc780a005886846856562
SHA256968b876e8489a11021720a104f1147586ebed50be86b1badd7e30bc5ea4b92cf
SHA512fcef9b545cacd7b1fc941ce2416315c06d54a436f56827cb1f7255cdfe77e2a247bae11e510f93fffd1159e046c5ea467a454f37490a13f66b7217e0fd051083
-
Filesize
7KB
MD56acc786f51f8bf8e7862dc7f498f45cc
SHA158816ce30b630a924df448785f36fa03e085fb8a
SHA25656ea047a60e7777a6553679b427f958ec1cb8cd24af3a60cc2a3badd40e46c35
SHA512abef5ec092a13442738803bcaef51e806785ff978e0a709dfecc8f5e5c26033dba960343e54f66d01236323c3122efb2ea829649f01b415ed3e94d44396889b0
-
Filesize
693B
MD58f064b2808b2a8864a1418ab2c0b75f4
SHA10c3297826ad96446a88e0413d8d4cca8a2cb3c81
SHA25691674101dc072e1a86630ea8747c2833ec6e23242196c1152087ddba858aebd3
SHA512a2cb2791e72c3b599b16855e9c20ca9554105275b19ee3bb22c863871037b0a3e9de266025b5005d1f9660b607743c5558c1f77b8665ebcecc1eda91b3fa4525
-
Filesize
693B
MD541eb1519abfd9c743a21ea0488a3a1b8
SHA1fbd4f506fc7954233cdc7077673256e7288b9444
SHA256154e747145c6403e66c019493617f1e0a5af5c7f06c7a14f12d60db19ff005ce
SHA512cf63a6339430565c4264bab4c20acf925a036861f202887202717b43e1db743670d0b4a8604f1daaaf912865e2d5089cc5f159ebb0368dd7a2dbb226f9f141be
-
Filesize
370B
MD57469af29bdd308f6582eee6d7cdd51ea
SHA110129cd3bf0f01e297f828396c68fbcff0113249
SHA2567fe3c8af58862db2eed0f53f6c6a16f8072ccd0ab49263c50038577ea024ab47
SHA51246b10be2a9eab49ec8bb1c5973a45bcfdbdaad95ee5e3e4e67410ddd52aa7d306f42eac4b29ae55c43ab7f166c2b7d790166e41163016719eac8c3404045898c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD52ace8978347eb28178fb1653aa6267ce
SHA1a16d4a3f1066ca363f2f0a437ba6803d3cfad59b
SHA256b36ef3b0ddcc0912378720b3435a8b661c511e91781e27a24861e7d4f2d1d3ff
SHA512b6a0fd5e977f440babf477f3b3c3ea0fd6991b1e8eaa39bdef76438bb4e6da75011bd5c7f68f45ffd68b7a84601431a2a057333814b570c6816ab2bd02b3be84
-
Filesize
406KB
MD54e09bb52840dcfa6ac848cbffd0c0ed9
SHA1cd079731faedc61dda4f1610764517ce6b610d13
SHA25687978d44672d3273f24eea6fc452a4718bed0b2c0e228f3a86968be92fe01aaa
SHA5124ff573fcac101f86285c836c1705e5ccc7612c9896ca1343bbcff0f95f97c3690c4e97b75988bdbd705b16c0ee308a9ea07734a49963ebefbe9bd3bb36f301cb