Analysis
-
max time kernel
290s -
max time network
296s -
platform
windows10-2004_x64 -
resource
win10v2004-20250207-en -
resource tags
-
submitted
07-02-2025 23:57
General
-
Target
https://drive.google.com/file/d/1uuseTvcRhyUUFumqFbNFJe1t6GxLtIE-/edit
Malware Config
Signatures
-
Downloads MZ/PE file 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1uuseTvcRhyUUFumqFbNFJe1t6GxLtIE-/edit1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6e2e46f8,0x7ffa6e2e4708,0x7ffa6e2e47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6966540878051646275,15175610319993572402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6966540878051646275,15175610319993572402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6966540878051646275,15175610319993572402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6966540878051646275,15175610319993572402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6966540878051646275,15175610319993572402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6966540878051646275,15175610319993572402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6966540878051646275,15175610319993572402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6966540878051646275,15175610319993572402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6966540878051646275,15175610319993572402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6966540878051646275,15175610319993572402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6966540878051646275,15175610319993572402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6966540878051646275,15175610319993572402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6966540878051646275,15175610319993572402,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTRERkM2OUYtMjE2Ny00NjQ2LTkxRjctN0E3MEM4MEE1RDhBfSIgdXNlcmlkPSJ7NDVGNEU1NDYtM0NGNC00QTIzLTkwOUQtRjI1NjQwQTI5NEU0fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RDczMTMwQjgtMEZEQS00N0NBLTkzODctRTc4QjUxMkIyMkM1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU4MTUiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODE1MzQzMTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0Nzg1Mzg5NzA3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD55b4df5cda67e90582459cbd657fa2945
SHA1da784eefc9b604c48e0ad67e80eba4519efd989b
SHA2569fb22b0d187491125a38a00d034958f4aac8fa77c20c53ea61ff0bc06c99ae5d
SHA5121d9179b48cc31c9d796151d233677f429db310a206a4f4ab186e9ac4aa2d8d8c098d9a7a569f3143d4aab1dbd7a96e12148dc9002a4b6c719b4364512a29a355
-
Filesize
152B
MD55888d057ec0be9a04f5364beb6aaa774
SHA1b95001b0ba436b3d2818ed1c93408da814904c12
SHA256ae49f72435d36321b9dc8c9dcf092ac027b32f7f08fc8c8d866a6710ebd6ff40
SHA5122ab5ae481709d3f6f96e46cbbd5ef3a50e9aec80aff88a157f364dceb2cc8ab2454ebd8f25e71ccbdf4755d6fce765fecb7cc41776417b197f7ca88d99377e38
-
Filesize
480B
MD528c813cc0a3441c73e0d1d7cf4454e9c
SHA163e68dd38a4e633efbd7870a9107a65747dfb2ad
SHA256ff574624290c6eb91a4de22f9450e04d69ca004475d8ebed247e0d5a47e928bb
SHA512028c29a45cdfccbfdacbf764223e57a755bac62a1ea85388092c15d5bdbe464d98c77607301452c40c560dc0ee4309d09a64ecfbac4b518c74427e6c90e79b8d
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
3KB
MD5650a403818561f442109ddb073904d6f
SHA134ef1b8e86dcfd94d480408be3dbb0387352163d
SHA256092e6a8637ec98a9294af05ecfd5d330bcdbfc35205c52eb52c3c63dd6b40b65
SHA51287785893d198b2a2f71b68727ef554f0aeaa6beca5805565e238db511882a7ac77ac66234ce934e80c4d7d0c41377826d6a8014296fa0f11edd61c5e2a30bf20
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
3KB
MD5e8cabb495611105ee72895e11ff6f2a6
SHA1d444f7babb6ac0e4d35bea2ba61ce5d1c771ade9
SHA256b4c275d46f5a18cb406bc76858ee7863c0b82029a655b8c37ac9788906af7f03
SHA51217334646fa06af951a681581a2aac78501c6313200e0864f9647794b50585e5ded269c775ede5008692bbd0abb9032f6dd03cccd8aff1427fc1fbd8c6444d514
-
Filesize
3KB
MD568fdc3e12a266acdddc717081394e64b
SHA133182022266a12f1aeb1bca897eebc3d0f938070
SHA256e12c618f3e2b1fe70aa3a5a66f888b28a08d19d0b44cc69af79737fb9a7093fa
SHA5123899e3d76f0da7d1ddb2a5631fce0693cbda785ac70a18efe412677a342b36e0f367c61d6b552ab9f1a70ab1a94b14d9657b6e1ece7a82d27914ff79c01558c2
-
Filesize
3KB
MD52a850af08743efc2a6b2ca0273743853
SHA19ab813326377008e149fb787bfd8082a78f902c3
SHA2569ec96af1258a2f3d2322a27c91415f7a8ba6ddae4975f6e79ba70a0ba69ec6dc
SHA5123fb6caf79e761b4d52210849a77eb2d23308d28d5e25cde0c2edb54aae7efccede545019dfdb0cc28676e66c1fec0af898904ec090584089633e378b147831e4
-
Filesize
6KB
MD534d067479f9ab797b8f7d825d5b7a16e
SHA1c13da4c762b9f63bd0ee9d84fb26c8101b518711
SHA25642f34ed07feabe87fdb3c67e5cceb29e8f34d4f378ab0897b4ce45794f916d6a
SHA512224de7313482f53e48cb7d4988ef466add66d734ba86e757f5dcf326e4b030a6eb18ecf68f7ae282910cb04a00ac7d2f158cf2aa4373619695f6615180bf7e3b
-
Filesize
6KB
MD5e1365d79581df2d5bf5655a273c3c413
SHA1c584b465971014575684d36fb5309ea384896ba8
SHA256f2d6d2a6244fc75e1d5784500ad87053562de879897ad9af85ffdc719832c37b
SHA5121fa012c71483d8a13524cd55bfe92b6a9ec84cff61b47ecdba77cc0c5cff83494a134487af2ab8a02bad5c4e9bac4439e47a448bfacf84982e7648bd0d98e821
-
Filesize
1KB
MD5b4861df5bd96df6e4748daa4f4a2fe82
SHA1a4bc709bf8100c146c8b3cdc60415908371f53ef
SHA2560291fabbc209b306c26629e3324984dfd97264669a1708f0a6d0d45ee9ede7ff
SHA51246a5c81e1b86fb41636375b5ddf39faa62c361b27dd846ee997aa72c01590b141c7a08172d222d90b09c49cb949b7328ee046043fea2893402eaa79f92d533fc
-
Filesize
707B
MD5b339ed829c5a560832acf28113ac558c
SHA11b08c042e8275647566611714d9fbe860a16b156
SHA2569b325aa9cce46f771f8b1db23ee7b25faa11cdff28ffff88d7e76253f6db17d6
SHA51269a546c83278b8d8b97fcfa7f1bd7d5b8e8dfca897b4538be648ccce38f9a1762b372a2c16ff640ab6f73cc384330c855cc9939dcc7e1128f1be9d3a6a087c25
-
Filesize
6KB
MD5da84a8c00f13a4afebe8bbaa1b620325
SHA12bad086c56d8d2e88635cb585d5299a643ee99aa
SHA25649f4a0ae475af86277c034cc4043f6437409d6ab3c607382f7c9432d91c08284
SHA51213cbfb42cf364f7f9a1adbb2ba9a133e8129c72743631da22b0314a51b12ec47450591bfd597e1756f5203e2dbea07dc351514a317ed5901dfd0e97b68cc20e2
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD596c078032dac997dfb850ab46dc8daf7
SHA15f0f145425459268ce2d50a0c46204c61d1a10b7
SHA256cb3904cf1c06e05657bda6525b94584e06dd8a6d2a74bac8c32707f473c9756c
SHA5127fc929c6e2db396cc377a1ea5f0c8e27990a679e9a7fe3b6011f19740677a34e15c566efd2c48abb3cb1efd0c8fba3526748ee19f277521b0ef5dc4945c7cbc1