Overview

overview

6

Static

static

1

URLScan

urlscan

https://github.com/k...

windows7-x64

6

https://github.com/k...

windows11-21h2-x64

6

Resubmissions

11-01-2025 00:11

250111-agl8estrev 10

11-01-2025 00:10

250111-agbrpatrdt 6

11-01-2025 00:09

250111-afgxbatraz 6

11-01-2025 00:04

250111-ack5kawqfr 10

11-01-2025 00:02

250111-abx3qstpfy 10

11-01-2025 00:00

250111-aab4wawqaj 10

10-01-2025 19:33

250110-x9jz4atnfz 10

10-01-2025 19:27

250110-x6ek7stmdv 10

10-01-2025 19:26

250110-x5hlgatmbz 6

Analysis

  • max time kernel
    240s
  • max time network
    281s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    11-01-2025 00:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/kh4sh3i/Ransomware-Samples

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/kh4sh3i/Ransomware-Samples
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdf7a63cb8,0x7ffdf7a63cc8,0x7ffdf7a63cd8
      2⤵
        PID:4192
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,5158542044026267215,10161296983665903788,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
        2⤵
          PID:4636
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,5158542044026267215,10161296983665903788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4972
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,5158542044026267215,10161296983665903788,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
          2⤵
            PID:912
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,5158542044026267215,10161296983665903788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
            2⤵
              PID:1416
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,5158542044026267215,10161296983665903788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
              2⤵
                PID:4876
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,5158542044026267215,10161296983665903788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                2⤵
                  PID:1388
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,5158542044026267215,10161296983665903788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
                  2⤵
                    PID:1036
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,5158542044026267215,10161296983665903788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4268
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,5158542044026267215,10161296983665903788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
                    2⤵
                      PID:3636
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,5158542044026267215,10161296983665903788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
                      2⤵
                        PID:3968
                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,5158542044026267215,10161296983665903788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2668
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,5158542044026267215,10161296983665903788,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2932 /prefetch:2
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3128
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:3396
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2116

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize

                          152B

                          MD5

                          4c1a24fa898d2a98b540b20272c8e47b

                          SHA1

                          3218bff9ce95b52842fa1b8bd00be073177141ef

                          SHA256

                          bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

                          SHA512

                          e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize

                          152B

                          MD5

                          f1d2c7fd2ca29bb77a5da2d1847fbb92

                          SHA1

                          840de2cf36c22ba10ac96f90890b6a12a56526c6

                          SHA256

                          58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

                          SHA512

                          ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                          Filesize

                          1KB

                          MD5

                          400440fae3d840d136db69493ad6aad9

                          SHA1

                          d084e9269fac7b0290b33d476d73a82eca303ec3

                          SHA256

                          97d983b4c06030d8d53d7323e0663721f97e218805b0ca4bbba2992ee0fff58e

                          SHA512

                          4857df0ad671a9422582bbff2615656805f6d31c265cd3ed95c513cc7ceb1982499001e14721dc41190fe74d79da732ece8ad02971497173248c17b78a2df7ff

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                          Filesize

                          579B

                          MD5

                          52065b1033f9bc9d7f6b6302f6d8b160

                          SHA1

                          96e01582d63dc42b827d21799a7cf6de7d008703

                          SHA256

                          173a6148e2ac471a64e27e66b5e6ca78560fb95992d19a16a7d1fc22ec6137a2

                          SHA512

                          d4c8e6924556cd45a372ac34d3fbe96e233a21fd9b0cac1f3cfc0bc790ceaf5ef01ed1c77481b6ce70aa765082a609b8b20092461965b7638fd43db66fbe9e6d

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          6KB

                          MD5

                          7191dae9cfb09c77acc0879cf4a5771e

                          SHA1

                          19822e88f1823aee7ac757c3e90d8b8d37cc69d1

                          SHA256

                          52fea0afcd1a7a5c781d2f1c8c0d1cfa593d0fe96500cecef116f4200e52552b

                          SHA512

                          8a06342821cf08f5ed754bf1146d4144a5ed7c232b76e871e62f4dc8d22fab33bfe81303d9f3879dc77e9ad55259d37b9cb6de34950a93a1dbe4893c8e3a6e0a

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          5KB

                          MD5

                          2b955d7673f781c020b0451f450fbf53

                          SHA1

                          0b1bd1fcfbe8ef77740eba845a9d68ed961ae40c

                          SHA256

                          b35b9126520b759360ef325ce64d198bca831f317e4a29855abdeb29e2b28a72

                          SHA512

                          10296798b6561a5865b14f62a25ccf7647be4bb06c03ab34b7b4895698f4ad452da34564141e26cf63b56713e801199d6d34905a718696b2758d971ab9249072

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                          Filesize

                          16B

                          MD5

                          206702161f94c5cd39fadd03f4014d98

                          SHA1

                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                          SHA256

                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                          SHA512

                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                          Filesize

                          16B

                          MD5

                          46295cac801e5d4857d09837238a6394

                          SHA1

                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                          SHA256

                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                          SHA512

                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                          Filesize

                          10KB

                          MD5

                          19a762cab43007ba12372a5f086de87b

                          SHA1

                          1443199e647e397a6eb20d4818183726b17d5879

                          SHA256

                          1614e3d779cc02a9aa47b1fe67eff17b0876a3ba8da937fc1d345d44389ca43f

                          SHA512

                          ad587cffdb9e7e78950b7a87e123c72fdbc4db3adfcd2f7912598da962b87b72a8af8c4a97919b0909f1294fd74d2e8e9983ad17d5dd15b0b0a79ec02aebccf2

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                          Filesize

                          10KB

                          MD5

                          1fcf56ce5ac7516aa22307e72ee2dfa7

                          SHA1

                          81f0c7b9ba43afb5761f8bf113b45909100280ad

                          SHA256

                          e120f22db82ff2ba2cb91103c2a70ba4182d55c89ed0fac694a87722f66007d8

                          SHA512

                          39727554d0bf77d2c537e5f5c5f0bc64ebd6939f727a1810c4854c5d853cebf4de22c2f59196159674ffdead4503fa3634c499093623612f403fd82c996cee43

                          Download Submit