Analysis
-
max time kernel
39s -
max time network
40s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
24/03/2025, 20:21
General
-
Target
https://drive.google.com/file/d/1uUOFpJfD2sSE1MbV3CPQmzGqL839IVLx/view?usp=sharing
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Detected potential entity reuse from brand MICROSOFT. 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1uUOFpJfD2sSE1MbV3CPQmzGqL839IVLx/view?usp=sharing1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x298,0x7ff9b0b3f208,0x7ff9b0b3f214,0x7ff9b0b3f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1840,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:32⤵
- Detected potential entity reuse from brand MICROSOFT.
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2172,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2524,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=2644 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3460,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4816,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5188,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5440,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5456,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5920,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6016,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6016,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=4808,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6560,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5948,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6572,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=6768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7020,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7068,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=7052 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6972,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=6520 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6912,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=4984,i,17771390303680662383,1637505785828040878,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5690f9d619434781cadb75580a074a84d
SHA19c952a5597941ab800cae7262842ab6ac0b82ab1
SHA256fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1
SHA512d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD546aeb1fa340f686bff1b9fbc9e67d1cb
SHA192a7edfed08a5b9831f0621e50fbc89e854ef62a
SHA2565e9f8f43cb3e916aa715e711e74eaefa02a5adf53795d28069cdc46bc1c0afb3
SHA512a9e85cc338ae5753a7ea6b38fd972d4e2639b06f2a7e77006a08dae549636ff8f57a1540045b6e665b7da21b92e31d76dc71919a65f2b1829687a0805ad4f159
-
Filesize
16KB
MD515df42bfc238ffd4d0894942bb0988de
SHA1a6db38e7db3ee2380904f946886e85c8e0627f0f
SHA256d9f1a02094693a930858f94b16c11fd29f3ee4c9a8ea5b066f6c7e76b77e112b
SHA5128fcaa5ea7cc419905a65005176d0862e33ab3b8f8f9940d1b797910407a27082884db97b81fc62d2590d189353290c9c71f0bbb28f21bae77c6ae8efb2533b2c
-
Filesize
36KB
MD5532dfc28118e4a27e6d6c88d0374e0d2
SHA1e44f59198f55e6d38239e7a6a142ddbd33c57947
SHA25657ddb782225dee453f4c3e90f47fb68495798517bb67cf07c519d55d81a018e4
SHA512268cf30c56359cef5fc1907bfb1ef09bf774ead84a9821fb214bfb2c7c653a576b58239673bf2f0e633c2c3b1d4e70f9ae7a2060b834b75358e3a60fb4f3923f
-
Filesize
72B
MD51d448e7b1f8eb46b525f73c8705bfcfe
SHA1c682b6a917acf30b927d7859c256d59d0d11ece8
SHA2568ef04c1c9d61d2f46cd5d2fca3bf14363502c5d7e75fafafa37898834b66294b
SHA51296460320416c95ac6d459c3dfaea4af8c836ccec46191f1aa269e0c98ea42de01ddab0fa0b34c31bb9fea8991c999713cfb561f2da32df29baef314ae6141abf
-
Filesize
48B
MD595d44f7fe76877d39ad6a2e7051242d3
SHA14d92c5706a3b23159cb45b016d4a0f264d9004b2
SHA25655907191a54d592985cdf6540819a8e62723a65aabf176884a662b4d1e0bacbe
SHA5125c12b012386d36415151d94c3189b54b3d4d811bbf72c3ff7694c8ec8631f5a94c83e3b9b46c058f83c10e41138e8c3d447f380f4dd93a8b6ec1a9fbabb9c698
-
Filesize
22KB
MD5c6100112b18a0bce97321beabab55855
SHA18b9e91782f7345846e093008e35095a13bcaa718
SHA25627117ddc33a18ccb7f6c090c473a23a03d32997837095f01d985b7677bbfec69
SHA5124dc7c80a132bded2d0438bb07bba59b11fc4a02c8797b65cf5f5d13008ff585d7ced065376d185d7f63f5ba32e5e7c2cb72515e129eaca980246fcfb7447bb4d
-
Filesize
40KB
MD55abbaf2cbabf05390510d4ee29b9e2fa
SHA1ef8832f6fec2cc11a9dff3a6657fa3b23dd31b1f
SHA2562bce2d2c30b12b0b3aa0a2c61ebd3a15f08538b11cfef041c4e21c4871b81de7
SHA51248f2d9b64856011ad5275275d4723271eab1562005d83dfc2b83b48670da29f40a060c14f5145f8518edc6924f15aa50c08ec73582bb811d4cbe6f13da6034f8
-
Filesize
49KB
MD5d3a6e43fd3a23aae7f7388d222bbbbef
SHA17bd0dead613a576445854603f4d3d44634b5b2c9
SHA2568659e1c18d0363a69cc6562a9340e9397eecd1a92d989e477e86e555adffc7cf
SHA512413afd996d711a374e4d223bb6b51e3293121594d6dff1c889600462be9f161ffd9ef5657d996683afd842c8d69f1c52a68fb420af63592d66e1602fd2fdbcc9
-
Filesize
392B
MD5abaed647701f1848ecda89ef8bce3d7a
SHA11250d67d11b3222e40057c52eb358bfc1da34b9f
SHA2565a021d673e61cfc6ad70d5097c783ea3c98df8917be40c0fad681d80fb518ad6
SHA512d8f3fc339bed67235e7885dded3aefc0e0389530ecc78f5baa25f82757435bf0c4619d408d235dbb6e022c7f85b417d609464c6e7cb6a00981b02ffa41404e29
-
Filesize
392B
MD59ee970624084ec2073cf4fb3d477617a
SHA16dc76faf1613f4f65d759c149c76366e5e42d444
SHA2562bf017d02ed5b626880737a2ddecf2fb8773a89cf289f5bb35626b2cc88a5c8c
SHA512794bbee7caa4afbaae0447d772a3c2ead3fbb772c753235ad881c35406ba25c1856d7f5692cc6ad5ad6622a910cf052de573a503d42d8f94477abdb5c636b853
-
Filesize
2KB
MD546d53ecd0cf37a0de60593ed85ae1921
SHA184209480220f07fa61fbf9a37c471e3011146cc1
SHA256a4560cda7565f196ac5387fd341cc7320afc4378ba9802c526f0a31ead167c20
SHA512b840c94f23b53304642fc4cedd185af529218b81fdc960a8e6751a9e9986d0d50002bd2d44d0ac1634c7ebd70c397674214bcda924358341a197a1d0bde993a2