Analysis
-
max time kernel
130s -
max time network
127s -
platform
windows11-21h2_x64 -
resource
win11-20250314-en -
resource tags
-
submitted
16/03/2025, 08:06
General
-
Target
https://github.com/Cyendd/Giftcard-Generator/archive/refs/heads/main.zip
Malware Config
Signatures
-
Drops file in Windows directory 6 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Cyendd/Giftcard-Generator/archive/refs/heads/main.zip1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2b4,0x7ffc75f4f208,0x7ffc75f4f214,0x7ffc75f4f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1976,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=1972 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1900,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:112⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2464,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=2468 /prefetch:132⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3416,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=3468 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3444,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4724,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4760,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5516,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5516,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5612,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5844,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=5884 /prefetch:142⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11403⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5980,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5560,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4988,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5016,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5056,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5812,i,18419270600142428359,17899777957023116482,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:102⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5509e630f2aea0919b6158790ecedff06
SHA1ba9a6adff6f624a938f6ac99ece90fdeadcb47e7
SHA256067308f8a68703d3069336cb4231478addc400f1b5cbb95a5948e87d9dc4f78b
SHA5121cb2680d3b8ddef287547c26f32be407feae3346a8664288de38fe6157fb4aeceb72f780fd21522417298e1639b721b96846d381da34a5eb1f3695e8e6ef7264
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
1KB
MD52ec700a3cabb07f809ee23e3fd03af52
SHA19de1255ba212b10e07e0c57a6b4f1cdfe8efd3fe
SHA256c6c1a18d4586e64a8d0009b05f07d40b2cfd2138f7ba911e397da39e8a553730
SHA51244b1720e87eb0969eadaf3a83257e79ef898085385b5ea745d11045723b48446d95b613edc815419f06766efc19f132a4a45175b453dee171d518973e96d32b2
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD5d701e6588598d68127713dc58f7aadea
SHA1c9489e5f0c2db1f0d1317002e6c6a22865ba30c0
SHA256e66319986cb850099a3317c9f21927ae19b108455b64508831be92a2b7ce3db0
SHA5124d3cc14e53a3d64020d45785c458090860df14c7a26b02f397bc2776f7c74cf602b83e2aea28ab55c20bd428f60521514776b8f09fcb2734d5cac9dbb95a5c56
-
Filesize
16KB
MD5f8d582bafd583e1c9f950db93708c9b3
SHA1fc1c55c906126f6347a4d20c590c2759f9a1d8a5
SHA25643a9eb0ddaa8cc1fb0443283c7cfcab60f9c8ef74d6eff453541bc142394a9b1
SHA51238811e3307e510b0ebf3b29b9c5807155dd1c239718c8e480dc367f5e1d695bee49a4c907017beed1091e08bf607ba6864a707b50f6f6da93f758963e92b7485
-
Filesize
37KB
MD51ef5dda7f4e380712c95c7577040b28e
SHA1900f8b2a5080b8e5fbb2a19ec146001f8d1908d6
SHA256b0d97152a83f61e77cd13913d28dcdd6c4198690b66d9b4ec400faef838c9686
SHA5126c6c61c59b0baadd422b148b4edab55f11e04ddf03044f0fb2054e80f53ba8e69881888b1980347a67b099e5a004062ed5fcb040f006f4f918e014151259c08b
-
Filesize
22KB
MD51cfe9873808b4104e0f754378a16141b
SHA1f367920b00bb86a8f82b0f34ff70a28cfa73edb2
SHA2561b620165c3cd4c97014741d1e6d9b631cbae7d9ead74d3f7ae79feaa37306529
SHA512d93355562a0c2a9fec6e23f5067338f221ac9ee44dadf16350acf579fdffa63b2d25e31e14e551039ad5d9efe4fb1dbbfe927683ccb42eed028516e2d04d6708
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
460B
MD5d1298497d8973b5d84e586278c1a3d92
SHA1f708ea325e7b028a9bec6cc4b8931203d7077300
SHA256b4b1f553c832c1fc46ecc6cf4a79574803010db71cea5376ec447c913151cb18
SHA512af28f7619f98efb5870ffde7b84a111125196d056e11effa661f0475e2f0e5f4cb71d8c97c0ab2f71b47d60b47854e7c02e5121da7d7165223c4130e28857aab
-
Filesize
41KB
MD5ccd9dc59c8ab6241b67089f5166058ec
SHA1e2ad30bfbaf5cadf7afc3a666c91dca055ed91d7
SHA25696deac86bb5fb280642fd35e2d27ceeb7e3c1142930390fb16949198239edbdd
SHA5126214dcc929e3a33dd7e456e6d337377af4bbac6d62624e4e1bc4f0a0afa73abd545c659084a71bcf3416ebaa147e2e03a39797e7c9dd54079b2b59d32519c1bb
-
Filesize
50KB
MD50489a60b603339cc49dc07ddc53ec9a1
SHA1246706d062a40bf9f2728facbdba76966925b34a
SHA2560759685380ee475c4fb11877b3a82d4806bb9c2fab343ae1f90bb37175399787
SHA512508140172f981b76e7ca2719310c39e8d5f9395ca6ffa072071f6122c886562f70b92b27f4ebce7383ba2a09ce6727d8384dbc992d4a500a12a7ff5de64b6422
-
Filesize
55KB
MD5086e86d217554475ae764d0afc92f431
SHA169074004bbe1ae3a6abeb3ad140545e2df59c505
SHA25659ffc0f3b827177c611abf92a0f68fbd05b47fa61829d1c84d7efff063d00e7f
SHA51284deb4492be8ca5d9795c6eca7561dcc9f89ad4c634fa227650c56a20148fe047a823596f095b39d12836c2161014bd07905ff71ec84aae2313f43fd5a51b3c8
-
Filesize
1KB
MD5ee002cb9e51bb8dfa89640a406a1090a
SHA149ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA2563dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c
-
Filesize
85B
MD5c3419069a1c30140b77045aba38f12cf
SHA111920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1