Overview

overview

10

Static

static

10

The-MALWAR...ot.exe

windows10-ltsc 2021-x64

10

The-MALWAR...ll.exe

windows10-ltsc 2021-x64

10

The-MALWAR...BS.exe

windows10-ltsc 2021-x64

10

The-MALWAR...in.exe

windows10-ltsc 2021-x64

7

The-MALWAR....A.exe

windows10-ltsc 2021-x64

7

The-MALWAR....A.exe

windows10-ltsc 2021-x64

10

The-MALWAR....A.dll

windows10-ltsc 2021-x64

6

The-MALWAR...r.xlsm

windows10-ltsc 2021-x64

10

The-MALWAR...36c859

windows10-ltsc 2021-x64

1

The-MALWAR...caa742

windows10-ltsc 2021-x64

1

The-MALWAR...c1a732

windows10-ltsc 2021-x64

1

The-MALWAR...57c046

windows10-ltsc 2021-x64

1

The-MALWAR...4cde86

windows10-ltsc 2021-x64

1

The-MALWAR...460a01

windows10-ltsc 2021-x64

1

The-MALWAR...ece0c5

windows10-ltsc 2021-x64

1

The-MALWAR...257619

windows10-ltsc 2021-x64

1

The-MALWAR...fbcc59

windows10-ltsc 2021-x64

1

The-MALWAR...54f69c

windows10-ltsc 2021-x64

1

The-MALWAR...d539a6

windows10-ltsc 2021-x64

1

The-MALWAR...4996dd

windows10-ltsc 2021-x64

1

The-MALWAR...8232d5

windows10-ltsc 2021-x64

1

The-MALWAR...66b948

windows10-ltsc 2021-x64

1

The-MALWAR...f9db86

windows10-ltsc 2021-x64

1

The-MALWAR...ea2485

windows10-ltsc 2021-x64

1

The-MALWAR...us.exe

windows10-ltsc 2021-x64

6

The-MALWAR....a.exe

windows10-ltsc 2021-x64

3

The-MALWAR....a.exe

windows10-ltsc 2021-x64

7

The-MALWAR...ok.exe

windows10-ltsc 2021-x64

1

The-MALWAR...y.html

windows10-ltsc 2021-x64

3

The-MALWAR...ft.exe

windows10-ltsc 2021-x64

4

The-MALWAR...en.exe

windows10-ltsc 2021-x64

6

The-MALWAR...min.js

windows10-ltsc 2021-x64

3

Analysis

  • max time kernel
    145s
  • max time network
    154s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250218-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250218-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    05/03/2025, 21:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    The-MALWARE-Repo-master/Email-Worm/BubbleBoy.html

  • Size

    12KB

  • MD5

    bb7b91d1685db89b58ac01a72921e632

  • SHA1

    4a1dd457983a7f1bbc7943eb5fca3da6d93d4176

  • SHA256

    940a563df059604ac0dc6a92a845da2f04236b86887208b89969b70c6781c3f8

  • SHA512

    09e26d197b22a4553e2e87a9ee0957700766c2dcd11157b5b71744d67abfa30d71d45c7bf1081bf9337527e3b8aabde99b09bd2bd30aa302329ebf480078307e

  • SSDEEP

    192:W1VoVk8X2TrWAXaR06qVoVk8X2TrWAXaR06LV:Giui2TSw6qiui2TSw6LV

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Email-Worm\BubbleBoy.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4696
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffdacd746f8,0x7ffdacd74708,0x7ffdacd74718
      2⤵
        PID:5068
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,15870632501879070500,14697502688373707769,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
        2⤵
          PID:220
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,15870632501879070500,14697502688373707769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4968
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,15870632501879070500,14697502688373707769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
          2⤵
            PID:2476
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15870632501879070500,14697502688373707769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
            2⤵
              PID:1300
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15870632501879070500,14697502688373707769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
              2⤵
                PID:3580
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,15870632501879070500,14697502688373707769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
                2⤵
                  PID:5088
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,15870632501879070500,14697502688373707769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3184
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15870632501879070500,14697502688373707769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
                  2⤵
                    PID:3892
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15870632501879070500,14697502688373707769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
                    2⤵
                      PID:2300
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15870632501879070500,14697502688373707769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
                      2⤵
                        PID:2088
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,15870632501879070500,14697502688373707769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
                        2⤵
                          PID:4760
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,15870632501879070500,14697502688373707769,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3944
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1168
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1076

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            c787930d470d0be053d565378051623e

                            SHA1

                            28e41641d6c01ee6eac6d8da2b1bbcdf846bbaf0

                            SHA256

                            a80de15c02d30a203b3ed152d11995318fe79a4eb99fa6de1f5600ad6623248f

                            SHA512

                            9736fc38006a0e8bf29a1c87c251afa1d47dfbadefbc16e844c15d626dc7d0aad622e3bd0925f3abe745a312914a3e9db2026439cbbd2a752589d1f3499aeb7e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            111B

                            MD5

                            285252a2f6327d41eab203dc2f402c67

                            SHA1

                            acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                            SHA256

                            5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                            SHA512

                            11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            27e0b3a890338a7a7b92bdf1fe73e831

                            SHA1

                            a65e75064bc3bafbb5e14716d27267e2d660bc05

                            SHA256

                            0e835ec8e3e3fec791c7e1cd06135d55f75221fd77063c2fc10106e70f768a68

                            SHA512

                            d18297befb40af0dbd8b036554e144976626ebd782ab7cca99ee6555b6569ae63ae89db10f28ab14097486f13efdb7f41e8c4f87541cff8c647842b5886b9e71

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            50cb491ff4203afaeb6db4aaf5c3aa73

                            SHA1

                            aabca12944c107de8141171f1ec0cab075b5ebb2

                            SHA256

                            3c16b75c7f9ff7e518da88409e58a3be9b2eb6dd612afe2b5157e75c6f4e06ae

                            SHA512

                            a6e6e2b2803a0a8b34684e93f0106852d2616d96b32c0ffbe9fba8371d5e8525769add59a1f1bbce747f01f3033778c20a5d4109ac08efc29aa7ccdb956c63df

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                            Filesize

                            24KB

                            MD5

                            1edf6f37c628c6895d356ff20298d788

                            SHA1

                            6dc47f8fe099869cee780fb69346f7e589d62447

                            SHA256

                            5df60d0b5b2d28ab1ae07d30de581aa6f0546fb1610b0a67410a63b1603a4b0f

                            SHA512

                            f0e37e08b92dae0c8d3e0097226921d824d251ca6c7625e7d2f802d1aac59ef8dd4168239dbde758e45f450d80ff4495e3a46e119b3c938927c996d8ef2f3bfc

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            10KB

                            MD5

                            2bf384a875eacbf4ad9f3d03fbf4b614

                            SHA1

                            3b03a4144e89e05e207bb7e444298a60cdcec796

                            SHA256

                            22e9c576aeba2d85b662a3e132f755077e9cde1a4f81f8e42f71ed0b6e211a2b

                            SHA512

                            3f14d21ed336bf77dd9947dd6371186b4de33105e9195c47c8280ba0aa718485f022d15c95f0097513e9df7e189f0beca3ee310fe7b7c7583486e372dc516dce

                            Download Submit