Overview

overview

3

Static

static

1

URLScan

urlscan

1

https://alburjae-my....

windows11-21h2-x64

3

Analysis

  • max time kernel
    189s
  • max time network
    209s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20-01-2025 09:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://alburjae-my.sharepoint.com/:u:/g/personal/farid_alburj_net/EQHf4AgU6-FDoNi1j1ivsZwBTHzfPMbzUxPsiUC7eoWrpQ?e=VQgcCA&download=1

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 22 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://alburjae-my.sharepoint.com/:u:/g/personal/farid_alburj_net/EQHf4AgU6-FDoNi1j1ivsZwBTHzfPMbzUxPsiUC7eoWrpQ?e=VQgcCA&download=1
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3448
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffeda43cb8,0x7fffeda43cc8,0x7fffeda43cd8
      2⤵
        PID:2440
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
        2⤵
          PID:2556
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3068
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
          2⤵
            PID:3164
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
            2⤵
              PID:2960
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:4896
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
                2⤵
                  PID:3680
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 /prefetch:8
                  2⤵
                  • NTFS ADS
                  • Suspicious behavior: EnumeratesProcesses
                  PID:776
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:5076
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2640
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
                  2⤵
                    PID:3856
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
                    2⤵
                      PID:2436
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
                      2⤵
                        PID:3888
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                        2⤵
                          PID:2924
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,11191358709568136443,17842680848814301564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5212 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:5148
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2280
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3988
                          • C:\Windows\system32\OpenWith.exe
                            C:\Windows\system32\OpenWith.exe -Embedding
                            1⤵
                            • Modifies registry class
                            • Suspicious behavior: GetForegroundWindowSpam
                            • Suspicious use of SetWindowsHookEx
                            PID:4796
                            • C:\Program Files\Microsoft Office\root\Office16\Winword.exe
                              "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\ALL Tender-Documents-SW Fateh Project 2025.tar"
                              2⤵
                              • Checks processor information in registry
                              • Enumerates system info in registry
                              • Suspicious behavior: AddClipboardFormatListener
                              • Suspicious use of SetWindowsHookEx
                              PID:1152

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            c0a1774f8079fe496e694f35dfdcf8bc

                            SHA1

                            da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

                            SHA256

                            c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

                            SHA512

                            60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            e11c77d0fa99af6b1b282a22dcb1cf4a

                            SHA1

                            2593a41a6a63143d837700d01aa27b1817d17a4d

                            SHA256

                            d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

                            SHA512

                            c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            194B

                            MD5

                            bfce048eacf01083663ab2d4c2fe7325

                            SHA1

                            f07afa83d38a6b946412d7f4302952b464bf098f

                            SHA256

                            5d4982b3ec5c6987b50119329e114aec8ecd79299e1cbbbe6de0a6c25002cf1b

                            SHA512

                            5c8281abd4e1dbef1b67159294555d2e5bf11e1531bd45a4f438966bdcc0cf00c2c4d33b8170465c5d2e4822788ade089a68bdbf9376f568e79ed92771422861

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            068c2804d42921011283c5a7630a833a

                            SHA1

                            ec4b51d09b8e59aa341fe21eec5cc8b74e61b604

                            SHA256

                            4a350d178ffbb8458052a4ec132b5d74e005425c1be7d3da66dd9a99acc46f8d

                            SHA512

                            57b27fbe357aea98c772d21a1a94bd22333897e5b7b0a2136a013b549887d440ae6e8f1a33cdc9cdf975294bb24d98060818338edaae4df7d6eb17eef9a658a8

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            01113ed842042e8ba9495806bcd76ad9

                            SHA1

                            1758c2cd4a9b615e08f805d2b734dd5762f802e5

                            SHA256

                            d4de8efb899b0a8344b0141c4bbc5f879a7d77a5bfbaddf3e3d58936e293d5a8

                            SHA512

                            be416e88ca222d4f2e1bacbd3e7217c72878a4a73bf07b7121009922ec7aac281b36f9cc7fbf87b76b9c62b8297ecd9b0ac41a8aea4d50e9780ab0c88a854487

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            10KB

                            MD5

                            80cd74c3b5c4f31e3fc9905449286377

                            SHA1

                            ce5e7f1a02e5c1bcf8f23a06536a45db035b3179

                            SHA256

                            856941e60a144a821149116c285b005f524c6c19abbcdf677dde9fd74f9524e2

                            SHA512

                            3ee6577e5efef04edfc6357687dd4116eb86839a27894f2e8b13b90b74b2bdc2725712048597bb2a38005edc1d129f2118c96d45da3fe196582e2cdaf64b156c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            10KB

                            MD5

                            cd23a0b6af23f3722ecc0e234a5d7e3d

                            SHA1

                            bbd8f80d88e727b9d8fd2a8954cb8e775cc43ed6

                            SHA256

                            18920b8e177b85c0700bd364c4cc768d147599a720a276f4a315ed9e0d3783ce

                            SHA512

                            ea46da7f63caea656ebb357800e75cb188d11d995c1cff45d0064bff490c8601625d82d28ec0eaf69c11e361e1652509da64dfed76f67e16801c9dabb869fdd0

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\TCD2602.tmp\iso690.xsl
                            Filesize

                            263KB

                            MD5

                            ff0e07eff1333cdf9fc2523d323dd654

                            SHA1

                            77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

                            SHA256

                            3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

                            SHA512

                            b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
                            Filesize

                            385B

                            MD5

                            e9aa0d3ad99570ea6a914f0fc8f603d2

                            SHA1

                            46b2e5f4f605cc5cdeef07c412db4e295a00b556

                            SHA256

                            205894762a17f1ef2161f8ae59c0d0dc4535385e807f12aebe788818f972ea92

                            SHA512

                            91928ea8e2f05fed175062226eab5dece2250e6adfc90152f4a166aa01ddf887849aaf3cd55f8da14890c9eab8dba12c466b7523c1155cd64ff1a5e0e52d6d3c

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
                            Filesize

                            16B

                            MD5

                            d29962abc88624befc0135579ae485ec

                            SHA1

                            e40a6458296ec6a2427bcb280572d023a9862b31

                            SHA256

                            a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

                            SHA512

                            4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

                            Download Submit

                          • C:\Users\Admin\Downloads\ALL Tender-Documents-SW Fateh Project 2025.tar:Zone.Identifier
                            Filesize

                            26B

                            MD5

                            fbccf14d504b7b2dbcb5a5bda75bd93b

                            SHA1

                            d59fc84cdd5217c6cf74785703655f78da6b582b

                            SHA256

                            eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                            SHA512

                            aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                            Download Submit

                          • C:\Users\Admin\Downloads\Unconfirmed 586004.crdownload
                            Filesize

                            698KB

                            MD5

                            293500a80aa5ba6b8443ca835918c5e9

                            SHA1

                            770e55853a3c02b2bab50836e98c837dc31f6a3b

                            SHA256

                            49713801a7cab92fffee04a71c7217b98ac50ab27087abe578b9a02e7c4f3e1e

                            SHA512

                            8d8f0214675aea96a980b9098a6f4beaa9a8fdb3529bc59c8114a1482df4cb0e39c8047616bee0614f47153bc9d70d03fc11d768f3aa095eda5a2e9522f0ee07

                            Download Submit

                          • memory/1152-60-0x00007FFFB8CB0000-0x00007FFFB8CC0000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/1152-73-0x00007FFFB6740000-0x00007FFFB6750000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/1152-74-0x00007FFFB6740000-0x00007FFFB6750000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/1152-63-0x00007FFFB8CB0000-0x00007FFFB8CC0000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/1152-61-0x00007FFFB8CB0000-0x00007FFFB8CC0000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/1152-62-0x00007FFFB8CB0000-0x00007FFFB8CC0000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/1152-59-0x00007FFFB8CB0000-0x00007FFFB8CC0000-memory.dmp

                            Filesize

                            64KB

                            Download