Analysis
-
max time kernel
878s -
max time network
871s -
platform
windows10-2004_x64 -
resource
win10v2004-20250207-en -
resource tags
-
submitted
08-02-2025 11:38
General
-
Target
https://drive.google.com/file/d/1E3bVNS4U6FoaBQG2xJEkbsjMUfkTCWji/view?usp=sharing
Malware Config
Signatures
-
Downloads MZ/PE file 3 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1E3bVNS4U6FoaBQG2xJEkbsjMUfkTCWji/view?usp=sharing1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd4ee46f8,0x7fffd4ee4708,0x7fffd4ee47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14593826281434654532,14397361963173666467,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14593826281434654532,14397361963173666467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14593826281434654532,14397361963173666467,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14593826281434654532,14397361963173666467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14593826281434654532,14397361963173666467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14593826281434654532,14397361963173666467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14593826281434654532,14397361963173666467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,14593826281434654532,14397361963173666467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14593826281434654532,14397361963173666467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14593826281434654532,14397361963173666467,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14593826281434654532,14397361963173666467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14593826281434654532,14397361963173666467,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14593826281434654532,14397361963173666467,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RkU4QjA3MkUtNDYyRi00RUNFLThEMTItREFBMTExMkYwREFCfSIgdXNlcmlkPSJ7QzMxMEZGQzgtQTAzNC00M0RDLTlGRTgtQkVFRkExOEZCRkY1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MzhDQkVFMjMtNkExOS00NUI4LUJEQTktQzNEQ0VBMkUwMjE1fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDQ5MjgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxNzQzMjM4OTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MzU3NDQ0MzAzIi8-PC9hcHA-PC9yZXF1ZXN0Pg1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD52ead70a280cd4aec1e24cfe04df29829
SHA1ef230ea7095f9b22df171356ea4ffdb68b1f8b43
SHA256d766ab618981d2070b1265b32f402563c88ca5e68bdd2e5e164323f5520af020
SHA5124ae4894a40d4608cd9e62262c575e07b2cfe48a3d0a984580e8c9ce5e2085719f6c167dc0e5edbc087b7ccfc894ccfa8dc3a847da8faa7007a4cd252be32be85
-
Filesize
152B
MD59bafb0d3a1696932066ae7d4a377d44e
SHA1b806888e572d4ffb5d03b0cefb13ab1542b3be17
SHA2569102ad8bdd9057acdf96f81aee73f00296194718730f2cb6b95cfbea9447ea66
SHA512dd3bea301dd70c6ddf4bb43d51f39cb2da48359f24e449db21c97b73a818885a68a3f7aa7a9568443b819746d78986d25f6e1da4d4832f11fee63842d5f5c0ea
-
Filesize
3KB
MD5533180c084f2666eff5e0b9a612259dc
SHA1bd8ec6b637a2543b4da62144815a40ea3890c441
SHA2561195162b10ea43c5400e626d7b90cceb20228945875d210ae81f0c6f141ecd16
SHA5125951d677e91d80bea3b63a97eb2b18281c9b9386ab83315d6d2c1c924bf29b4c18148f61fb57202e8b9454fdcda8674b19c4776695dbfd67b4c844d6624f8a60
-
Filesize
456B
MD5cd115fd0b0b41efec8200df0eca76f9d
SHA1073cbe7dc839032adfa91992eed95e8bf48aa49a
SHA256df570e8b7b292ebf80828d46623fb185f06a29aeb26ee43b7ca3c82d4e5d8b21
SHA512bc9b2f7d775f641c9c0160ac0bf29fc334573b781de13cc53008df8b986f640ac511cb6177b533264c4d10dd923599368cafd62c35c71b0c595395a1cedf4170
-
Filesize
3KB
MD58f1b1e2f8467a44282bfb93de96199cd
SHA1470dbe88892b13c8096fd3411b6f1c845c1e7490
SHA25680c4c5a5e57108006bb6e7d501dd2ff4cff8a940110a331d8e227b901e544f8c
SHA512dfa9da33ea7779c5ebbab3158c338e0d16f9afb505f8d673c2eed4387266c257b9ae1b41e43d6def31c36d75381e01af8194512ee75645ecb53fb543a182d531
-
Filesize
3KB
MD5fa9b0508493b95e61a7efb1d8e574f4c
SHA12a0ea1f2c4999846da3948ced28e68ea94f866e4
SHA2567a02b9b502d7ff6c305bb996a9f270fe880ad093842952f6aa92e3ccadc0c95f
SHA5123a7f4c73d368fc3630e3a75502fcf1fc93dfee7c69f55324ee78dc450889f8ef132a4f4931ec1c6a9400cfc4292f7410793dd7cbfb30cec79f7266b174e6d38b
-
Filesize
3KB
MD51c033ed646c7f184de0378b691650d3b
SHA1aff85696f3b524dafcefa4369e6a4685832515df
SHA2567499015217d411e88f26ccd5cafe0d58fce046d6803f04c70c48974d40fd63fe
SHA51261250d29b71491d56033745258914dbfa82fa4c42652d794e81176a0830f649e7f17a3ad4877eecc606665a6bbc1b96bfe25e2ef02777924c2f5dfad563b1903
-
Filesize
2KB
MD5422136270f027966a020edc40785f0fe
SHA1176a9e90f1e80a7db925f519524bab42b16f3b86
SHA2565c8c127e74167b9c1862a2acbabdefc03d7544f265f472c1324b707b519a5a29
SHA512cda8ffc75313858fb390acd72b4f79db0707e7611d92b9cfbc88bd8b602e0f3ae68c1f69fd4b81f1a62cdc959b58a7c2d7072fbdbea24ea589b9463b26b79a81
-
Filesize
3KB
MD5c3cda2be50fd8d6c89f9783cd08043a2
SHA1674a0e66adfba5971dddf9f79621d710d6dd3c1e
SHA256984d56f30e135c14f29748121abb4dfc917b4a9e9757f6e4c8da7f7264f47b58
SHA512b2b020f41777bd1468f2b2c4af0f6faf385c8d86f77d7978c08fe192c958a1bf1ce27924e3a99f931784e8e3a6e8ca0e4375ae08e24a39a2d39b7ea30f336354
-
Filesize
3KB
MD5d78d4dd91f3e3ca2cad8e90909d4b5c6
SHA1f684467d2a3156092e405d25c70517123fe6e24e
SHA256c4f625a58ec1f9d2f6a5deb32815fbc49b224eeb1356bf7e9c37ef34a5ea23bc
SHA5127cb3aa8d0c228fa8e8548cc101514180c8e606192af42416f5fa45934b3c20baa32f2603e9422ea3a5f113f2ba5047954278efea060d49b98633bb9d62098a4e
-
Filesize
6KB
MD53bcb0550c82458408400ff93c9fdb2bb
SHA190e6afc3dd2a8b0076e9c5aba84280e03e9f76de
SHA25695202cb8a2c9e165270d4a7c2dec38d776fd2cb7c56947b8393fc424135b7723
SHA512e7f3c54dcd918a2aee5e7a34a975b837a7daf4ae76e6c81d6342f5ddde9775d46ad777b54785c195df66579656437aac5d2d29fc72319bfaa0be8bf8c343bad5
-
Filesize
6KB
MD5745312717628ed815c0b05322b54a491
SHA10317527928bd093fa5504c6b97c57be709b0569c
SHA25615fbb4ca2b677dcac18435b74c4a0991b888582fde4c9f4ac6a4cdbeb8f54f0f
SHA512127fad3c349a883e11eaf9df5ac640ea6f48c5afd497fb21e95f5abf67249779e07fcd6474db5220a73e88731eb52942029e0fac2abfb51247c4cd2b3bf18eb9
-
Filesize
6KB
MD530579db0659101e88ed72cd54c4821fd
SHA145a2ecef9a941b351ecc3fdabcd1fc5f37d5739f
SHA256a1ab9d640f735a2d3408f180beeb06482942e4b73023e84f0bd6e55f989ac78c
SHA5128af5b38948557deae89ec1d35b7677f817c095e71c87ae6d4f0530cd74ca53384be60589e1429f8948c51cf79f14cded0120270860998a1804b02486fec49c95
-
Filesize
3KB
MD5f4f3ec4b7a753db1e00cf34a6e0a0ed2
SHA1858c24ea6f29cb0142980e29bd0060dc36cb33a7
SHA25677a27e9ba23d3558a7946f1143de8d8abfb3813d16076f51a1b2b9af2cda9b76
SHA512bc13941d577fc64f0494a21693f95968e678115ce392116f25c12465312a32ccf0d01042cd8e3927607903d7e25a77b38d0e14e8cb3d37c826a628ae87b95dd7
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
8KB
MD5b2414e2fd6410375752b7a1ca449fa7e
SHA15a91e59f814e064f7ba10c3b833e89d72b1a7738
SHA256de5c20a76f8b5a363018db461c11be80c743eec08cf12e85272b587b359d2c86
SHA5122e5faae9fa8ebfb74eaa3617af9091ff20217343c37e0a38749c3dd66cf3063330ff55a5f3968c8cc14137bde28638fe192e1aa28da064c7cde2a007399e226c