Resubmissions
04-01-2025 22:03
250104-1ymtds1qak 10Analysis
-
max time kernel
103s -
max time network
99s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
04-01-2025 22:03
General
-
Target
http://9ps.ru/JbMcnp
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: [email protected]
-
A potential corporate email address has been identified in the URL: [email protected]
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://9ps.ru/JbMcnp1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf3147182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,18223643949862023854,11781577121293100469,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,18223643949862023854,11781577121293100469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,18223643949862023854,11781577121293100469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18223643949862023854,11781577121293100469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18223643949862023854,11781577121293100469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,18223643949862023854,11781577121293100469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,18223643949862023854,11781577121293100469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18223643949862023854,11781577121293100469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18223643949862023854,11781577121293100469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18223643949862023854,11781577121293100469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18223643949862023854,11781577121293100469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18223643949862023854,11781577121293100469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,18223643949862023854,11781577121293100469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD50a9dc42e4013fc47438e96d24beb8eff
SHA1806ab26d7eae031a58484188a7eb1adab06457fc
SHA25658d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f
-
Filesize
152B
MD561cef8e38cd95bf003f5fdd1dc37dae1
SHA111f2f79ecb349344c143eea9a0fed41891a3467f
SHA256ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA5126fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d
-
Filesize
432B
MD5a89636d43f301558e0df27b849f1c70c
SHA1d5145729c21f185a95dedabd750b1379ee72d40b
SHA256662de7cacdfb4cd9ad1c70183b3c3bb54224a6314faa3e7aa1aaf561dde0d0b2
SHA5126845bfb9536f81a657c4807e3a32c17da21244c8a9f149e105f364b3209b987e3fed718835c3aa2c230003ac45e4ac66838c6b4c6b4b52aa303dfcfab91dff33
-
Filesize
482B
MD5608ba464d8c113c7cc6d4dfa6f02dd4b
SHA1f65ba5a0e8a07eeda76fa5dfeeb38eda4c49f371
SHA256fe89ca028887cf85ecd3890a189061cbbff52a225b6749743d1cf7408a18a779
SHA512f66dc1574c14bb387c5fb9247a9fc8aff50432b513e5c5990ce486bc5af30f4ac0d3594f390ca16cc105af652a27373acf143edbfef13244918c2ca6a8a8e9d3
-
Filesize
6KB
MD519af5ce43da839265136a74c30839d08
SHA11c9b2aa078b31b8bc9f9a381ba0e79d9dfa4838e
SHA256dfcd6abc8d5e5e63fc12e098b25d723883d1aa3fe8fd73531cce12c5e1f605be
SHA512437b0692626d439241dc73cabe52662fe520fed35216ed1372df7bfecfb62bb2a2778e2cdd5b1692b969d157e87eaa6d68f24e617a53526fdc35a50e1a57dd0c
-
Filesize
6KB
MD53e2012c5a3a2392b140bc271eb5785e8
SHA1d83058495b76bd84a253c39f313b009550c871c8
SHA256f97e03042c9246b149196d620fce641dbec746b9897c2ecacb1b35697b755441
SHA512bd1c667c01e06c2e5bed338e6da4dee5c2776a5735cc116b810a0662960d1c5541cf963b0ab20072e56cce780d41271c0628bd2d57069da90822151f413bb92f
-
Filesize
5KB
MD55b3bc7ad7ed627a1c3be9762029c2e6b
SHA15b17ecc489608b066722f4e7d4a158f54efae10c
SHA25675b0cd7839cbe1900ad7cffc9b467d1d7c4b8763426156a5c10710cf567841a6
SHA5120e2490d079d2b297e42cb69d5f9ca7b8dcd12227b8cdfe37306943823f2c6acef7945d52b17de049fb0c47ca57144e777a45d146b58f90f1f10a8633ddccee6e
-
Filesize
6KB
MD5cfefb6bf0d8782c0bb057fd06368fc63
SHA1c6f5d56ae19c765c13bab27519d31889f7a63d3a
SHA25649c4ac88a1a48f4e1efecf0aa01825195af49fef97166e1816878d847239b2a3
SHA512cc359593dcdc90f6dd91647ab11ebd3641811bd1e14cba032e636fe5b7b20bc88042404d4f60177974b3a2d52750b0a3deec8bb7bd6ff18e5a3e97462ad42d29
-
Filesize
1KB
MD54ec9926ca752897907abf69b209e908a
SHA1db8f99f83ce588bca105c4c16a574618d15d7470
SHA256d2b68c8fa8beb1b495512a059f585f309cef7a22ad721143e244229a0724e0ab
SHA5123a4a0fc8d94dd2127d3a4814653f4933f6ecf6ea0fa2e361f72c19abd4725bdfc5cb14de8fd5b4417c768556abeecf8da5e8ae256eaa24a227956f3b9e71fd19
-
Filesize
876B
MD519a71168412496ea992d8c909f5786e4
SHA1156f39c51b0c5b99827fd1c614fb8d52634fa252
SHA25635e992a310dddf5b02141caefda173381955a06495c12da795fd32c6690f9447
SHA512730d6b1edcc220da28e635614ab808b7a8fd762eeb973d20d86ae0e64029faf4626208c606a90296939691cc4b71e76ca7892321575d50df5a3c4504de13c5e5
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5d8b9f3ef2d20915830a3868b49ae8f2a
SHA1945e8b2070445c9c7bb8f11f780a01a6b3ad8320
SHA256fe8f12277bf4a8867d1c1728b9858016bd2108234152daf60b8208f85f9a76ae
SHA512f80965ea1ecd446a36fff821d98b0dbe93e79939c580c9ceb78c7716a4c09fef3a2ece396ea8358da6debf080ef2f96e1bd5a72921c9c4f429f7e87868d9429e