hxxps://km1umsu0xu[.]ungalaccom[.]shop/

Analysis

max time kernel
900s
max time network
845s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
23-01-2025 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://km1umsu0xu.ungalaccom.shop/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1272	msedge.exe
1272	msedge.exe
1456	msedge.exe
1456	msedge.exe
1008	msedge.exe
1008	msedge.exe
1288	identity_helper.exe
1288	identity_helper.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 3224	1456	msedge.exe	77
PID 1456 wrote to memory of 3224	1456	msedge.exe	77
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 4196	1456	msedge.exe	78
PID 1456 wrote to memory of 1272	1456	msedge.exe	79
PID 1456 wrote to memory of 1272	1456	msedge.exe	79
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80
PID 1456 wrote to memory of 3932	1456	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://km1umsu0xu.ungalaccom.shop/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff882223cb8,0x7ff882223cc8,0x7ff882223cd8
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,15669367248260593141,15067897897572745689,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,15669367248260593141,15067897897572745689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,15669367248260593141,15067897897572745689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15669367248260593141,15067897897572745689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15669367248260593141,15067897897572745689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,15669367248260593141,15067897897572745689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15669367248260593141,15067897897572745689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15669367248260593141,15067897897572745689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,15669367248260593141,15067897897572745689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15669367248260593141,15067897897572745689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,15669367248260593141,15067897897572745689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,15669367248260593141,15067897897572745689,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5324 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
303B

MD5
27db2f8188df681dc823696d92c6aeec

SHA1
3396b0b79f642868e729e6a9ea3651ddece1b947

SHA256
9b1ae84060b9b816382eaf84b16a9d45a5766d3612f5af2342fbda9822dfc354

SHA512
a2cfcf9cd4249b8fae45c9984209448e00e2030ae2029a2c21e168206e45aa2b5339be56d461e3053ee490227873f8b05fb1d10ac489053c0d03f91bc6a60dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93caa409e8b78c3cdf3de7e77cbbf29d

SHA1
3949f4b2abec21fc22f6d1dc55dbd86e2f10c80d

SHA256
865a30f3860f2af7a462f96b72280794fa732cbcedab1c820e334a2b57a00008

SHA512
71bcd9a8238d6bc1f2776bb726dae8f4420d4ffad8ca6a54dffadaef73cf4f3704595aeed86e2fdbfe5eb02a32193e86e74cb67051270a08e7a17fe0a37eed67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
913227761cdc2b9146d5fbb62712c2a1

SHA1
7e454aa55d56df85f15436bbf4e80f45b58cd359

SHA256
728bfec6e03c4030652dceffe5c299c42252017a7eb76541429df0f9c5259042

SHA512
74da3a3a072049c7d6f3c6989f0c6a3d98f8b4b160fefbd7f5d6046b9f0f1d63ce335881d2a484a1b3e4dd1ab250f9c09df13e0b240da4e69b9e18858d2563d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4bba3bb449909060b4a6366827db87a7

SHA1
efd0a3eb64c3ba2fd420a9e718de826ce1b2b451

SHA256
adb07c0bbf872e4d61b0b9bd7cedc23a5ecaafd75cf212b694e7dd4adc9e5bcb

SHA512
8008315ff7d3b9fcd7ec9a027fc526931a83b8fa266f536059e735147a857d81be9654823af66a73416c58704542791d46aef78c01c559807e7d9bcf9ba5fec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
801f49d6d62515999d1565c84a95e100

SHA1
917d7bc7217e9a64a67ffbbfe9c7d5d2e96a1004

SHA256
4ae76cf99aa35e743270f5f0bcbb4bab0eba861345c35a4d17aa12f574aab9a2

SHA512
112e87f614f1adc38e051ede6f22a88930ea9eaeb48eb00a90b1c7ab53fc75b992aafdaf5469d73be48b18c601b1f7f1a18b79c8f14c59bdb590e65dc2856412

Download Submit