Resubmissions
22-12-2024 03:02
241222-djhjss1ke1 422-12-2024 02:52
241222-dc3amazrgw 1022-12-2024 02:49
241222-dbf11a1kbm 3Analysis
-
max time kernel
145s -
max time network
146s -
platform
windows11-21h2_x64 -
resource
win11-20241023-en -
resource tags
-
submitted
22-12-2024 02:49
General
-
Target
http://irm https://massgrave.dev/get | iex
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://irm https://massgrave.dev/get | iex1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffab87c3cb8,0x7ffab87c3cc8,0x7ffab87c3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2092 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2376 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15347031020383165459,2681769147611075345,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5556 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131⤵
- Modifies registry class
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD55431d6602455a6db6e087223dd47f600
SHA127255756dfecd4e0afe4f1185e7708a3d07dea6e
SHA2567502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763
SHA512868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829
-
Filesize
152B
MD57bed1eca5620a49f52232fd55246d09a
SHA1e429d9d401099a1917a6fb31ab2cf65fcee22030
SHA25649c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e
SHA512afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8
-
Filesize
180B
MD500a455d9d155394bfb4b52258c97c5e5
SHA12761d0c955353e1982a588a3df78f2744cfaa9df
SHA25645a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed
SHA5129553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f
-
Filesize
6KB
MD5d19c7c73556fae75485812d04b891440
SHA106c52667e0de6e41b880e25003a7f3755d6570b4
SHA2565869d5bc609bf8e6f4f3e25dba98e13dd1a35184fbdbea32c79653560bd2d881
SHA51273fbdc0c5118e76cea181eb0b6355b75faee3e266b6495078ca9d4aa3fde3168eefa7b2b260e8110008a894c6c72c01b673b2661c5acbbfa89752f4bd562af87
-
Filesize
6KB
MD59c85858eb42a93f26bf81009863d2cfc
SHA1bfc5d000ac1745ce0bb86e4c221a34d4d2bec3e1
SHA256603f25e137b5b5351bbce145db98e793bc4dd3b85a5971fe41d29cc4051fed91
SHA512701bcc1ff108c99e7f35476f36895f9ce3717f368fe6cf9e77874b7933efb5b7b0fef3aec4d7dfe10ac2c4f7c90e2503496c9c50959fd2d6caf130c500f5f58d
-
Filesize
6KB
MD5f3491fd5cf7dee701caa1136f2debd49
SHA13a117883acacaed7de10cfa8f9be92104bf6d4e0
SHA256badb9aa9f5cc92059e414b25d1249f9785eb3683ae156e4618f4c425cb110a09
SHA512a17c2527cb32dd14c2a871f1edb9f391b17f8525e5a4dfe12e258fcae2dd39b0675c878880de29322e1219d53aa5ba803cf1350932b50efea9889f3cec28902a
-
Filesize
6KB
MD531c9133bfc4175d21782b2dd9c205fe6
SHA16c8d6182206670869a9f2da8e1f716b692dc125d
SHA256dbfdc730c2c941f3395e1c21a175afd4ee792e3db80f9ce2e018a1adfd151cd9
SHA51276455019fe18b86ce2c98f97366d18cdc0c8add7436ee37ee3cd7991d2ee0387fb81e0d99cf15dad4c8b51e03e95a16eba20efee3a147659147b4ee7bb66c26b
-
Filesize
5KB
MD54fa2c1e799a1c71250bebead4cf51508
SHA1676206c78c8cb3e9e7016cc3d5467029687b5644
SHA256e8a4fdb419445b840eb1596226baf2d4d0b4c02d177c539f7b0c572bdf07738a
SHA5124dcc3b0b737855cf30b8eb24129621b2c8a0983cae7b6aa49b56547734c845a83528f406a626d72a70329f109afd7606f1252601d05de04c73470f9b48f68096
-
Filesize
5KB
MD59890da74fed6dc8c01d3f5c4786ea8b5
SHA1114d853628370f574d4842d1e851df6d6f446d3b
SHA25682309bd973ad8ef9ca7b1f230dbc60952f56f66876ae5c919299a875ce468884
SHA51259270e67a6730c5f100721e5a7d8da4e8e5226947a91548dfe7550ef2a40f25a82f017ec1b56e409acd66478d798581e3fca2b1b2cacdb142809aadb58dbeae1
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD5a0141bc358c7e4ad366c6404e4829cca
SHA1585fafde689b67a955c8142b2b4f71983b082afe
SHA25618f7d57f2ef82123465a8f21f83280d0185656a7ceffa024b1826ac865bc852a
SHA512c6995531d7481410b13a4bed8c3e1fa769ddf6b8d73e91184883f030556d23bb076188fc8a19c51b3875ca510fc55fd3d627a43fbc86232340e880d7763d040f
-
Filesize
10KB
MD5d2070fee02940f7c61a872be8c79f2f5
SHA114789bc2878a711df47da1e4798b9ec54624b144
SHA256b1c7c6c04be0d66580bdd98d800c17fc07a8d3081b0625caefc1236c2388c513
SHA5120a29d3bd571a0693fc094b9270f2b853cac00483c73c2f36351baed06ff831a6da05e9c2bf82454a48dc2de4c9a1e791fe3c9e57572ef437d0d9996a158106ed
-
Filesize
11KB
MD5ae679d78ca98853e21a1b21937c008f0
SHA191772f0e8361f4b86764e72f5065ddd88986a3dc
SHA256e435d0e0ee84f5118c12909ac5daeee08a3ea5d698638ec46f8a90e3056a3114
SHA512459ed22d437c98279a4187183530bd8f063465d44c4c62a08582f816c4cad60604752caed97afa3285baa09452a0b143a95110b257ec2dd45a47c270e3157cc0
-
Filesize
11KB
MD50f44c9284dd5a35b52a09870174413ef
SHA1b027f2001e7d0cc1ecd204130b567babddb4f6dd
SHA256a4bc0f599d441e74040f22e7c1b147d22d5a8f57a9556c583654fc6a5555e1dc
SHA51233daade4599484c717188b5bcda6910a3b27a725469c376c85014879b779d5e19aae817c278e1d7c9454d5269efb82c5c7d93e52b0dab060201549a71906c668
-
Filesize
11KB
MD53cfecc3f0c69d0f1ff97fe6d233bf18c
SHA1d38df5fd0a42274a964d0d4fea9313cb9e6049a9
SHA25652081dfb21c3751827a35e53144c8fbe2ce03683f983db10a8325cbdfad61c3f
SHA5120be03d355f6809b3e5c427f285a40fae9437e510c24f5bcc10bb4b2915b3ad094aafb02896070e9ce4d017cdd7ce51a95e44abddcdf74f72e2e2663648086376
-
Filesize
10KB
MD57fe1269b8bb7bab738a53151549076f2
SHA1760956caead5faa620c439cee89e6db1b8f18491
SHA2567416a21d202a4576af6c73d835093d1662e07b67ba77cc217af55addf6da32fe
SHA512342091625681382e6e78ca8d8fab5c942e07ae64f8b51d02ff4c2b915f7113ffec7bcb5c30dc0929bd068dc19d28374d92ccb9331d5945268e74e29f4d714cad
-
Filesize
555KB
MD55683c0028832cae4ef93ca39c8ac5029
SHA1248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3
-
Filesize
10KB
MD51301a13a0b62ba61652cdbf2d61f80fa
SHA11911d1f0d097e8f5275a29e17b0bcef305df1d9e
SHA2567e75ad955706d05f5934810aebbd3b5a7742d5e5766efd9c4fc17ee492b2f716
SHA51266aa4261628bb31ee416af70f4159c02e5bbfbe2f7645e87d70bb35b1f20fa915d62b25d99cd72c59580d1f64e6c6b5ad36ace6600d3bcdb67f45036d768ed8b