Analysis
-
max time kernel
144s -
max time network
140s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
resource tags
-
submitted
23/03/2025, 18:12
General
-
Target
https://gofile.io/d/BUrsXq
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Drops file in Windows directory 17 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/BUrsXq1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x274,0x7fff5cbaf208,0x7fff5cbaf214,0x7fff5cbaf2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1880,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=2504 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2428,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2640,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=2644 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5044,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5252,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3464,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5632,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5632,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5968,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=604,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6120,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5668,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2980,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5804,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5752,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6140,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5824,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,3778475669907168768,354655347658396226,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
50KB
MD57c413e9a47deafdc927de3ce90caddb6
SHA11d75de4605516e1076b4cdc05b6688b42338a3f8
SHA2564440428b4ca660b6a57d564d7af992b4e97c2dab81c0708e6114927c71909167
SHA5128ebab1cae0faa6bd980695dcee2633173e908b49be132b5a75fefb9c00009f0c81db6e4de86872d31381f98e12fe3b000a646726b9db652d9caa716d2c505155
-
Filesize
280B
MD5aa9afd16e8041e8c80250b50ea6899e4
SHA1a3a698d431952253255c343f2b35f74e73e63088
SHA2562bd7f856d73f78bc3a4de32b447b21babad42c009b19fcebe2f8cdeca2380926
SHA512344de0888df8851d957ca6fab055eb9e2f1aa6d958022c2c30442cd6aad4d158d0a99f8908184abc60fb1e0ccdd3d9395d8c0d37fc317d3700974c3348d4a5ff
-
Filesize
2KB
MD5d6c47f0ece6c5755b45f1814a3e35149
SHA1aa72486467ebb59d4a64a3ee660c5e5d26407514
SHA25686fc7ef340ca028a5d0970887d02c32f303a1309e746c04df892fcd2dcb85944
SHA51264346b78dab9f6dcd7f6b8bbb1b56f2b1832f75ce0674d5a044a60c1683bea4401fe1f4b37b7ee2345315d991afa2424535afe7d0affba884c610672baeddf6b
-
Filesize
2KB
MD55f85e91430ca423c0d3f029ac7fac862
SHA126b276697eddecf66dfc81f014f50fe024d6cbc5
SHA256bdae743876bf2de7d7c0bc8f3ca2211c343c7751b3388ce8fb0328dfbb134eb1
SHA5121f01385effc14cf54d93a5fd06dba67beb959189215be9e0fc15622e89adaeb6a792111f9c0f4c7d041b0edaed551750420e9f198108dc696ef8e57d1d125c50
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
2KB
MD545075291df97e5bbac740d7e29af0173
SHA16bcbc004fcbcd0e0eee3f461c3211fad04676bdf
SHA256def8a7a81218bd27f3d6279f4a1ce9181b3a32197e0fd8fe511b3b1ce32d4a23
SHA5122d08071681422037eadb707082aca1c90d986525869f14a97c5f1acc1f21081e07026d5b1c579bb72c3bedfadf4e79ea945a9b49ec9d1730f0269119fccf456d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD5bc3f80348cbf08741a819270ca61769a
SHA142d4543aaf602498595ba1a78f506028207dc4c9
SHA256ed26e02f1e827d2393b77eb8ff1efa41ec0d1da222c2db50949720854592cc5a
SHA512e48e6afa0d880499a413ac0daf2a93df65a3cc7fb925ad3d718ff610c846629a4ba03e6accd4ccb835b2251a647ee715ef5387008516e90e8a371b7c09f21d73
-
Filesize
16KB
MD54cf37a416f257122f36bcdf53cb8ac4c
SHA14321bb2206ecbcc216a627ba4cae975e59c3bc1c
SHA256a60e649c7d0b47b6d302d55d0000190912bbcafb22e78afbb5222eb41feab029
SHA512ce29d1e5d04dd7eb720462295b86c7f26af46d0459d1af02667a3003e12423d46ef7ae69fea4f0eaebd74dc018f4a8e58adf093d7781f845f880d216c09921b9
-
Filesize
36KB
MD5e578188d2a7db15a1f0259dfdcc341fb
SHA195c74cd2d0b1d12b52dce4f42066463d66bae1a3
SHA2566f53666ac337f89c2e65f50936c8f4773be1af3344f8c48d44c6f2d203d6d651
SHA512f297bef6ddbe037840926ea1769f8c3a751b7ffff6a91c12efaedaf6c313f5256b1b3078c9d4a54a227697fdab2088af0d4791182e43dea985c5578aeaec0ed0
-
Filesize
22KB
MD5bbee2faeea95fc71fa92314df005345c
SHA1ead07086436d4fa60cea2af5aec8d407ed97a0cd
SHA25608530807ad1a4eac08475ec6084af270d11fd449d719038f68bcb246bd56beeb
SHA512bd71963b0537468ba0837e87f0eabad32f726999f024c84321179e6a361325a5ddd1c3ada7a1bb1060e60c0c4cc114a8b4e655edf4f96e76f34c8fd6c5d79b8e
-
Filesize
469B
MD5ea7d2943770a6ae12c494a9c20954093
SHA10bbc1678008684474c6b4cc6cb5813e445307525
SHA2568c652fec3646f8fd798e484fdb32a6c06554b8556c2b42f1acb2ba1ca22f3704
SHA51287557d08d61a76372d695b40a8e08921b5ccc9318804d8678b2d19d18c976b513a36a013212c3c2ae8e095962ea8f473f70637f69be41bfb3d4e7258cd784762
-
Filesize
22KB
MD556bac9cae41e8734092931d6335a9873
SHA125468e1994389367dac0e7874f8209b0921616fe
SHA2564ac8e3e3a49aa21331dcf7ad9d4beecec985f4bb52328d41217c5b9687d60ada
SHA512262f6527a80e701dac608d69c7971da8aaf8b9a8b8f7696f8dc1437edbb02d8a057ddc6cbc744c257940816a2900bfb5beb12a764e4c1266d1adb5b406fc538d
-
Filesize
904B
MD5a7f395ca7197583f52a87a2315300718
SHA10e646dd9d40d9bda5fe4ed2658b502233e88783b
SHA256392853f4d4f3c205daebcec016140a133c127a953e6d17e08a6c361602131ae4
SHA512afb5d8e78213181089175ab4a7542ec51df3e32f51d4e3373f7546a501e8abdba673280e3dccaa770afad1f0c674ca95d932b222a8a54eb421a38d2719c5efcf
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
40KB
MD501577882cd005cc3d594d8ac4a3ad6f6
SHA15981d8aca985999ef08b24ee34046fa754fff145
SHA2566dfb14193c260a1f35a011bea0fbf1be366167fd5493fe862aeec388564b3b41
SHA512bf712f19a153187e4d9fce49e738ba343b36d6dc23d1b1529d2031140f34dd1d3abcbf78cc229ec1b8c9f961072cd1e8118968bc2fe06f5bb62ebdefb1df5bdb
-
Filesize
55KB
MD5bba1929212304e4c0aaa151537b3e27c
SHA183bf72f8d35eb178a0d923b981dcc6a1c8197d10
SHA256820a77749612e87c09dc7bf2f255dabe4764187df0539ba4ce70559cc172c191
SHA5123a5ec54bc31b6961f40607ae2bac246b7d5a42f14b9be997ae6dd8e83595bf7e6e1ac001161b48003fb6231e2253a2f09525e26dee873ea424db4a856dfb5f7a
-
Filesize
2KB
MD5eea17073e5bd8a8eef834e2892843137
SHA19988edb853f1b8e5bdbfb1c302eb00dcdee4889e
SHA25682f773a8fc7f98d1d6225a0917c910111e0e2e32b11975f3112648ad8a618ffd
SHA51245ac8d46192a3b70280e98c1a101e6cbc5a6c780fc4f456103d72e1d7deb18b0ea4805b90e376b44785e001fb6e2b4460c84518ae4ef93bd75614f9b6aa707b1