Analysis
-
max time kernel
149s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20250207-en -
resource tags
-
submitted
08-02-2025 20:30
General
-
Target
https://drive.google.com/file/d/1LSchrGgoDNsupMJTTGLiPFCzPb1M0wfz/view?usp=drive_web
Malware Config
Signatures
-
Downloads MZ/PE file 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1LSchrGgoDNsupMJTTGLiPFCzPb1M0wfz/view?usp=drive_web1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff9733746f8,0x7ff973374708,0x7ff9733747182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12433028254370297149,17985381234004228802,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12433028254370297149,17985381234004228802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12433028254370297149,17985381234004228802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12433028254370297149,17985381234004228802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12433028254370297149,17985381234004228802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12433028254370297149,17985381234004228802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12433028254370297149,17985381234004228802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12433028254370297149,17985381234004228802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12433028254370297149,17985381234004228802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12433028254370297149,17985381234004228802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12433028254370297149,17985381234004228802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12433028254370297149,17985381234004228802,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5076 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RkZGRTU4RUYtRjRBNy00NEQ1LUIwRjAtQTg2RDlBNzUyMThCfSIgdXNlcmlkPSJ7OUQ1OEUxRTYtQzU2Qy00Q0E2LTgzODAtNTIzMEVCOEU2MzY1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MjY3QjA2MjgtNjIwNy00Nzk1LUE2QzktRTdDRDBFQTBFNDQ4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDcxNzgiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTY4MDM3MTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTM0MzgyMTE0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5cb0cb9bc9bc47b241cea8a15930aaf18
SHA1bea4efbadb649764c8c0dde5ffb550e2a5f91a26
SHA2567ba3da7afec53ca47958b26551707592ea453b1af13688f37fe0e1ef411a8b8a
SHA5129eccc1a158c23dc034e4676ee071414bf9c67912b5e2ab6181d325167ce008e13c916967be62c845d4c7f637c03cca9676af0c41ec5e946925050090d0b49e1f
-
Filesize
152B
MD5d44f6d6e7efe70fab6c852bb5b7455a0
SHA10e10115d677f55f7cb4b5721e1275df5c01ea842
SHA256aa26ea90b867a3f439ee88c55f31b5a7890b3503ab814fea2d27f0149c9aafc4
SHA512ee5f719de53d37e809361d56039002e974f0cf1561079ada1f5cd2ea2db310cb80226ba8b9bca687c2ddf9696b71abcfffd8d5dba4a07198e1e4d3b4e2e0c3e7
-
Filesize
240B
MD580d8caf7b1d800608e1fea85687fad4c
SHA1ceba043049b11cf24dc28b27383124562be9fdf8
SHA256641f46c6f6332338c20f700f4dbde78ce6d8c12e37b78784f39f44dc1f65a278
SHA512854b985c1bae5226ea8203588234dc7101984670b3d22b7b2ac9855a0c3808078989a7cf56ccdd77045dfadce5678eb728348eefe40ce6a36ab3bc0b46bca10a
-
Filesize
2KB
MD50d2e5f56540c4ce95c4b1c34e89ad2eb
SHA1db8f111289725e4b584891b8d2a12cda4f6c8669
SHA256005a495c4e91f772f5cefc93c39934ed0cb85d923b84a6d533c0b3a6a2fdcdaa
SHA5127f41f8d38ea840412b9dceb02d66e915b4457ad763c54febbf96b6c8931589f71c1b3d46bf265870284fd21e5a82d61dc2840b4c7e2707e013ba5f41e58bf944
-
Filesize
2KB
MD5714665f0596f993c6fb860da8c6c05ab
SHA15933da65c07be0b801bebf4f522884a5d55e0ca1
SHA2561b5d9ad5f006006ae3a3bf000b315e88a59f9d68b6f53378bd51c20155d692e1
SHA5124e27ad476011bc0f4658acf91fb67d5510117f0cc0495bbbd950c4f04bae99d52e819227c3345b929c767212864a2aa20ffbf968cc211e45afb0e60d35f3f56c
-
Filesize
6KB
MD51251faad0d19ba25f1302cc103f2a112
SHA1e37fe2ccbe93fb07629c02f274ccd645bfba6b79
SHA2567e55aceccc59b775104b67323707d4597098c00082b1826c28fe630b9369df6e
SHA512269b921b75298f3e7c9241d42f574e9b42bf454cff33003c766ad762def6e08c783e5dcf3cb33c0bccb6a7e3b62944c7b90da18973f62d4464ceae82198245c0
-
Filesize
6KB
MD5cfee2512ad89fa79f92c01d33310187c
SHA17747388597f3f2da01857d7ae1744db0165c1989
SHA25665b501e0004bd5f4bc55f4a5c327ca083597fe39e87b2db4732b822df1953898
SHA51273247c3fc27f70b442a7ccea0c2e14ba97928ad3d917bd232ed70efb5bcdb41768cfc1e226627e38d11088851d35b8ee7d18073f23226eba5b4dd8b8d4fa02d5
-
Filesize
6KB
MD566d0de696fb4d4faeecd0df81101aeb9
SHA1371e6174ec1f713c5132d87607db934e9d684545
SHA256e6a642f3eff805cdd875c38d82cf33e250e4255d67d9c6b4b95b1f270771bb11
SHA5121f9eb3fa3aa70695f62f8d82b4e1dcce7bf41d3109d7a0735847c277d44e8eafd34f22befef06bf88c20cdace808616bb2e2f66bc886ee113d04591c8372be8b
-
Filesize
539B
MD5757a5867a8cc816be7d462a468360e53
SHA1324676aa9b296c1dd537f01ad258eb01d62d3e47
SHA2563c080b067d783e404d87b1c0ea413872413c883006795ee88bd3cb8b3094dbe6
SHA512b0a13b2ac6f68978e21d532a524b0e736202df2a16f910686b4853961dc715c34d3ea09714bf7e333e6f9093158fc4aed5dd7122637e2618984c1eedd71b2950
-
Filesize
539B
MD5337a8bd7435b1b3dfb7cc5ef43df8677
SHA1b4c4041b0f4371b4916bee6c483094f4859036fc
SHA256894f6bca8064cfeeb6427257e8640bc36b2219d402368b86039323a64e35a49d
SHA512ca559f2862194daca2b6717e070d96c7243546123538aac736b60cb80bb418d35069132cb38605a6099d1ce4a78f07fc6f3a31ce3328f217b4b0f755e8427537
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD50ad720f350cd26ab30d9bf6debf2f523
SHA1946f5aea12167d26c5b1ab34a5fad1556190885b
SHA25686b1c593fdbf25018f3b12bc695300817ad370a95093005093469be88061ba6d
SHA51266d0e9b319a56444a136f4cc04b94400d50b0b45a0b76558b3936450df3cd1e3a2b2fe4d2beb9a9732f7a6a844885644fb99a886f9666232c2c24ee69f6a5a92