Analysis
-
max time kernel
146s -
max time network
148s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
resource tags
-
submitted
16/03/2025, 08:06
General
-
Target
https://github.com/Cyendd/Giftcard-Generator/archive/refs/heads/main.zip
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Drops file in Windows directory 17 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Cyendd/Giftcard-Generator/archive/refs/heads/main.zip1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x288,0x7ffba89ef208,0x7ffba89ef214,0x7ffba89ef2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1860,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2180,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2480,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=2760 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3504,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3508,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4844,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4868,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5604,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5604,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5608,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5816,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5632,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4876,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5644,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5236,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5872,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6276,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5004,i,13074387247306805037,15292244700311120338,262144 --variations-seed-version --mojo-platform-channel-handle=1324 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5aa9afd16e8041e8c80250b50ea6899e4
SHA1a3a698d431952253255c343f2b35f74e73e63088
SHA2562bd7f856d73f78bc3a4de32b447b21babad42c009b19fcebe2f8cdeca2380926
SHA512344de0888df8851d957ca6fab055eb9e2f1aa6d958022c2c30442cd6aad4d158d0a99f8908184abc60fb1e0ccdd3d9395d8c0d37fc317d3700974c3348d4a5ff
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
1KB
MD55ae89611ff66c54366fc7aa23c83663b
SHA17fed98a4692ebf5f11dccd1e1d2a1b4229df99bd
SHA256634d1e519f7360384e766580464000605d4305579b41c6ac197a117225709712
SHA51277756421399dee8936e07f9b7f6e44e898e2e0f9634878c1ebaa6710335714de17111bfb70567bc98fc11d90a06652ad551bf54aed97c8d01c30419219d09625
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD51a60c37e349186165b21bc285b0cc941
SHA1b9845baa61ff11ad0f03822f22816ccde562dbf5
SHA2568c619fbf1806a765b6eb25701230ce268956a1036b73b51a075e463145692c76
SHA512a73aacd8bac5487c12b3fe8f7ed4f8fe39885145386cc6a33c1aaddaaedd82832ba42328e99b95da8367b2e0eb70dbd6cfe1a6e6544461ed5c89585a4aa0716f
-
Filesize
16KB
MD5f0e1a42dc1cc1dd0b77db5f70ef5450e
SHA1e4d486beb8d3a8768f223eec8bfbfc9486c0e698
SHA2567a0f78d1c0c53fde1b08608ed0b81530311aad156407bfcd9c4ccd9920a28ed2
SHA51254d21e307a26cae4203c8a0946cf2e2582a9f3d11b79b8aa74ed4f30508a9eed956b57d6ab896ba53c70ba83f7d8fe0175fc8e1a8f8df0681b54e62db95682a9
-
Filesize
36KB
MD5b2c2a24392de85548aca16a83e5b9606
SHA14704c6c201cf10e7ebf71c8ecbd7167796808533
SHA25686743565a31264369055cd692a169453efb55493563e3c2df558030915965f06
SHA51224369207a7a630d46d3f41b51d75fac5ae8e4a77ae9a288e763e3fca26e1f476cbaf845fd936d94f34095f122fd1ca0d248ea085cd54476475d8ae37cc7d7445
-
Filesize
22KB
MD527c0ef77cde7a240145591be6f5645b1
SHA1f491b1e88529291f794501003c33101c3cde30e4
SHA2568709b3209d146200748061333a6e8188da639fb6fb91124fa056c36a3d477d2a
SHA512d9a53726c2df5df94cfc8d38add0bf2fab267365fe90332f93587569f8c67a5887b7474924b0a97f152120bd4d8abbfa9c3007c73510facfdc5125d63c9469db
-
Filesize
460B
MD5fc9a00c01715820db2ab6cab03f62dce
SHA1a3f262f5382293ff64fa8f31c4c2b18a78f302e5
SHA2561664251b0a3e7228856d5f1a603ebf4398401d11ed6403aba51be2048884be04
SHA5124f6c472d440334a8b09d1fa6902d367869e0534baa80fc10711deb22ce89c390f254c16ac66d3bd5bb1d6b2932ca7dee347dab6c94f0f53a2b1d27ebcf96c0fd
-
Filesize
49KB
MD577e38e81be5f5708c197835a8fdf7c43
SHA17c2639187e0479bf39a92a75bd50dc88f1f84ea3
SHA25688154a4ce8d513bd878b62cd6c4b9b9840d63dbc39bce799125cb9737d42390e
SHA512cf88fe289b063766aee938294c7aef2a46a61443d9084cf87e2376b74030ed0a34973d73ba086cd694f3f5df4e4dba8f672c2ca69e118e318738d55d0a0dc386
-
Filesize
40KB
MD5ee50e2c3f572a084315736ba7b2c33a1
SHA1d4ca3e57e276319f0cc5eb4c516c3b252904ab45
SHA256fa32edd1bdf8746d0f259bf1f1b222de98d0e6a81a01bbb4518ed23205de9f09
SHA51275deb72a3faed691c5c553f3214e8acfe3b2884629f6913822eab7889aca8a5c071dfeaa13cc6dafb45a69ec5a20b1c62bc9d674b8c1a7ca495968593545d8bc
-
Filesize
49KB
MD579c2d7682cd3fde1bce24a9f840810be
SHA1b43f8a3dad76b2f0431358c556a7767e182ef33f
SHA256e1ec2ee711724a059cc23a0decff57537113437a3f692a776dfa27396bf42b04
SHA512931f3b4eb7ac6c84bbb9d202d5cf8464be7381546328bc0cf697e55a087c651972e4e6392b6630e321fe0b691f3e126e97d07c33c20c27ed481ec055d6cf7c3e
-
Filesize
572KB
MD5f5f5b37fd514776f455864502c852773
SHA18d5ed434173fd77feb33cb6cb0fad5e2388d97c6
SHA2562778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e
SHA512b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6
-
Filesize
2KB
MD51cc54122ad95309a044bde5b4c8eb13c
SHA1291a7650c5858decbdda362dfefe92efebadfa27
SHA2561aac4961882dbfd95f325e8fbcc9bff31c6dd1d040b6efdebf6ba3cb5ddaea8c
SHA5127ecaf2430b7e03b3e0eef3005160cc0311cea003ff322ba61b21fbf02b1ce701f7f6a27a28c5261947d6b25f7b151a15abd6a1fed0cc8527343db0805c317476