Analysis
-
max time kernel
149s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-12-2024 17:14
General
-
Target
https://u.to/L1oVIQ
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/L1oVIQ1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1fc146f8,0x7ffa1fc14708,0x7ffa1fc147182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3592 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6048 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17840978100504139094,14713719047702943364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5bffcefacce25cd03f3d5c9446ddb903d
SHA18923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA25623e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7
-
Filesize
152B
MD5d22073dea53e79d9b824f27ac5e9813e
SHA16d8a7281241248431a1571e6ddc55798b01fa961
SHA25686713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA51297152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413
-
Filesize
37KB
MD5231913fdebabcbe65f4b0052372bde56
SHA1553909d080e4f210b64dc73292f3a111d5a0781f
SHA2569f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA5127b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919
-
Filesize
528B
MD593e4e13728b64aa9fb195d7c40d5c8a4
SHA1a1e42b6fbad130b2f28fc8195f857afbde7c0eee
SHA2562186b387f4a6f6ecbd9a8af994bc3bd94d880d2a265dae61b0596d055e383cd6
SHA5127801a3085204f7877a9a3e17cc82a670be3e0cd1ca3d93014fce8bf8899498052e8f1dacf39a4f84f8b490539244e44f99ab1df936dfb9fa5d06043a75f75087
-
Filesize
1KB
MD5385a65ae87bd402bac16d3601947c139
SHA1d2a56eb0e21b97fb60535c801f3da249387abf3b
SHA256fe2b2c313be484f93fe34a01b86d321e6a44a1355104324428d06f25682c69ec
SHA51239f567a971f4256834dec1fa3509faee74a43fc5c98f2c9904b3be623082103a2559e7dba883ffddf038e379acd34af25adc1088fa39e63407effe251e42d2c3
-
Filesize
9KB
MD5058fa2f521aefe7f6aa0354e18a32d4f
SHA13e3732a7a44cb2981eeb9a4544b1bdd67ab3bbda
SHA2560257a07cec29fc421826f3b038b2a975e3cffd45abb613157bdaafec3665d0ea
SHA5125121a587215877a9f061d23fcadda849fee4bf488ad73055c8409f78a53e2b2e65d877578e1a8c0b1505a2f19ad6de328d71b1f0b27c0df582f143572c23b53c
-
Filesize
9KB
MD5d9b6c25170681a9e8541a6e163a04233
SHA18ba5134dd1e4f9f0dd3b7275178214f8ff8c52b9
SHA256e725fa95c2f76141d85631d56ceb569d23f456d21c92fa31df3117f48751d9d3
SHA512f850fc7349f4f153d81849388a7f1d2b6fbbb0e9ea598fbd4e34442d654ba26593e7e66e1d3844a6c0f4e9e20ebf2819ee7dfa7d1662377ff8039747e0f6c169
-
Filesize
5KB
MD523edde0d7299510777e5b0410b249cd1
SHA116bb3e189d6a8f8b6dc2ea45250363055c4fb095
SHA256ecb31b088b79b7d220f979d1ecb4f5a5aec6b7a9362bbee0b6f5b1480b7e0110
SHA5128dff3ef992af17d3582c7b594ff08e0a5d0d477c2f02e864409258616d4050c7db9d2bd742a801e8e73c507667912665e0a90a3dd5f4bb9f90b6dd91457d3bbc
-
Filesize
6KB
MD5c70a8cd86760e5a45624d21264eb8433
SHA1691215cf8778a465c0fe8c329464bb3cf6a55e79
SHA2563914449075c44f6fdacb1f86bf747882e2b511e5c0cb0a718098724477f0e350
SHA5127419256aa91b64310777356a22411a1a26bcfb60f9c873d729e1a2568eb6f5cfcde1850d13879f9ad65661c40423b4e44e8eb455f238f86359635f603093f3bb
-
Filesize
8KB
MD513aa9e93fdfd881a7eb0d77620773677
SHA193d8f7195b61529632a02a4444dccffcb4200578
SHA256fe9f11d4f5094733be99ccad35f483abfb47774f2f7845401571115c2d628a08
SHA51210e6a78109b3ce9ab0213225e5e5a054476d7b58d303b54d75fb8a628d09352a905d8a31c74681a90002beae044468ec5e2374b0d8257a3a10ee4d926419890f
-
Filesize
9KB
MD571fe24c99e24fe12cf2e8591cf25b65b
SHA105756127b973a12000a3422f639aac8663382e34
SHA2561026dcea1e52c0c32f983696905226e20502e8a8d32d7441c8c66c63e937fbfc
SHA5126fcfffed505c0db770958bc4fcc8d6f687fba9b1dae76468dd59cd7d4d87b3ff0956fec4f5cc42789b660b04704ef3515468104b3160106a0eccbae043d87e89
-
Filesize
1KB
MD56ea40b060b26a0c2e4289db7c3c48353
SHA1caf1467d4ede434498f400b34eff237a72fe863c
SHA256fd33d9c15dc7fa5fee810e5fe4fb7b9213b690d195f086e3c3355940dc0c183b
SHA5122eb432369768d98ea293c9d37ad35995ddf09a9d8e8ec72afa1c23bdcc450a8d54d2f3277749728a15e241355c583147f05189a22a9d20d5948f7b6586d1b758
-
Filesize
1KB
MD5fd2323979fd205a12fe86eeb9514690e
SHA1e7aef8d3f05b987e2451ba83827e3a90cfe173aa
SHA2565f41c2af3112fc2888be4017bbf0ed7819cba34a51b03025c071fc7cb34e6b58
SHA51285961b64e1073817e8f5caee933df5dc1acd76f7bdc4f258f641915c55b167ba6bce672bb911f4d4634179912b67dd9bb1d5f0815bed915b639f67c4b6c5565c
-
Filesize
1KB
MD5eb6df1400bfb309eea0744e67883e409
SHA1a921c460410ffb8732cc98dbc0faf33ad3e96620
SHA25623564f568c23d4b3416e7320a2b5eb24af1c78d4b863945647e9631b46d3a1ba
SHA512a942d53a773ef9adb2b594d8673da635f61471ca1f9c0b3fdbffe9b8a70ea7723d2eec6d060df18a23251f648c51b2eb915904741cd177a7dd664573b3b6d507
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD58b10a4f2dac1fd5d4743f52452db0aad
SHA16e0e2fac4e475d123aa2e1d6b83f1b11fc508c8b
SHA2562019e9528fe223440a775bbad82ef9c03de096e0e890281a29982024901ea7e5
SHA51227841f1b4373a63fee6f7ff5ca1a6dd4ea0944fc5194a0474e56b8b66ca162a254354fbca05b5696f1ac704d652ca8859e5ad06e50ba14d893c11c608e3550a0
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
10KB
MD5bfda80c95800dd5974d0a6c339f6f59f
SHA16f342df1abeb55dcb14152a25cefd19062dc3a6b
SHA25672f803e12a410bfc21393b39433dbee2a188e7f1d92d9ca048c31db00463ab84
SHA51297c2487a724c43f12cec770e3fd925b370ab6b766593c2f07ee3799dc3573662fe60ae45f19bc80f2085f8ed516b76b127b4571a7802b110d4c0a96b09b7a505