Resubmissions
25/03/2025, 15:30
250325-sxj24s1rz5 1025/03/2025, 15:26
250325-svk7ds1rx7 1025/03/2025, 15:25
250325-stqeqa1rw8 10Analysis
-
max time kernel
78s -
max time network
78s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
25/03/2025, 15:25
General
-
Target
https://ispdindia.org/wpimages/none/bonne/index.html
Malware Config
Signatures
-
Drops file in Program Files directory 5 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://ispdindia.org/wpimages/none/bonne/index.html1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffc1ab1f208,0x7ffc1ab1f214,0x7ffc1ab1f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1904,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2148,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=2020 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2572,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=2584 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3504,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3532,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4952,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4976,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5508,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5644,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6160,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5636,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5052,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4880,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6424,i,5157905973828485969,10447353350872906741,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5df2d1721cd4e4eff7049314710dc7c11
SHA1f5aed0158b2c0a00302f743841188881d811637a
SHA256ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93
SHA51211fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4
-
Filesize
3KB
MD59c07cfcbd149ccffad77f5dc89c547e9
SHA1b2c1411af024a9dee7bdd0660dec1b20f86f2e25
SHA2566a053b2dac2c9215c3ce6919ec8f32c547a0eb3a191c41438fdfc7a580befed5
SHA512b460f90f96a566e378cc3f881f15f411e325cf81f2b41469cdaaf92c831b28ad82a610c995dddca28ce143bd49c01cf06af4dd52e2c0dde8f7820fd669e76b89
-
Filesize
3KB
MD50849bba2f59be30f1b4b4b1f71def1e0
SHA1a2f33004e77dcbe3bcb373d4f536d4455b71140b
SHA256b20d92946a5b49281944781a604c601ae7a222b5f09d8d44b4b5033043cb4f34
SHA512e628c15cdf9445796ea44fcd35521ba405a4ca8cc6e339ac51a388392035048485c65cea36fa3997396b1e7148df4ab376f4e28e135ba157052460e47c4516ec
-
Filesize
3KB
MD515f85d7dbd0b1ac9b5147609662e8eba
SHA1b377ce5cef42ecc0692a9e490ce126f579404cad
SHA2562ab0d6763b839048370dd59057e9b24699dfcbdbe3c923be02b16c1c78b3e71f
SHA512e3f11a77a4f4c949198da3e86f050018bff7192dec709f611a57305d412f09595026bf5b167acb5331b7ea30cc2f1f8d3f1f5aef011b03c3fcfbf1f943a8bc85
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
3KB
MD5edadf47b0f5d1dab511473508a408261
SHA15ef36c893ca1bbefc799991218b0fb7639dd6897
SHA2561c5dda9b3075e0d5d094f1b60464e9157df98e97145247a508f5c18a3e9856c6
SHA51261bc65b54a5c67a215ab0cbfff3de0efdcb0f9151b5e0e1f2f5e9f7892535a501b51c47488fec0b3424b18e9d9c336317d19cca129fe5280b620c97bf0b09104
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD502635dfdbdcaf72939f4575d5d942bfe
SHA181e25b20b09cd6aaae1f36ae4186f2558355c20d
SHA25647dfa45af8dc1db736e9d6e142900f232099a5c3db713cd4b07ede2868ff6a24
SHA512912a95a50e8c9241bea114badc62307d08a263970f13af97f45b93e84f66fcad64daf324bb3ec009fdea4714d283c7ec747b87ec227f341670859127f246b8c0
-
Filesize
16KB
MD5c331d5b611422422ed9dbe5d0c19f3c3
SHA1552ad1f9da3597f940c5ce3be9d58252560b7942
SHA2563797b180186926b967c23c609b362b6d83f50f915c23aed9a0c666956bfbae55
SHA512ee11b4ca5d048d6678877dd8950b822ea30f7815da9fe5b458ce22ec5e450ba8e7137bc871aa4d181312946331992cce64b5aa9e9fcab869c9a0fd0488cfc3f9
-
Filesize
17KB
MD55a3bf94ed3ed7149461e17535ae4714c
SHA1a7846bbf9877e5d0aa09b8e53b4cc536d04af3d9
SHA2562e85b7bc8b7090d9d1e03806c7659ac59d95caa473bd4b955e5d78ce2efd78f9
SHA5127da4ce012a1c1802f68792fad1fd961d47cb43982957b89cfc9005967d96c7b5d07c9258a6ae8408515f80cf998b2b7a65f2b44ac862fc834571374e7bb3b2a6
-
Filesize
36KB
MD50899cf2da5bd2df73da991781df1dfe3
SHA15e30ef528e36ce1095a66d3d1afac81948840df0
SHA2566f27d77d65250d94d98bc70769393903b104ca86a14a09c4db6e2bcb5b9be9dd
SHA512bdeeb40b68f436f1a73d52349a07b871f6755da027bc9361f2aa841b4596ddc070b578de3132ed558a659d031978af8b01d6fec63f14822572a7fc0540265aaa
-
Filesize
22KB
MD5101ba85b9c380622405c2cca5035134d
SHA1d6be0c1880f1ad00eb471472dd69ea60e8cb0777
SHA25660f5cfaf749e4fe9f2496d6dd0ef16158144d9aafcae9976aa040150ad2a7159
SHA512da32c78258f847a27d42ea4445099b8b796d996b1141d7bd63fe43b3e1ef38a336a0a20cfaa3d0665d5ad06cc83b5a9bc6aca868782e9202a061767d9b646a7a
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
469B
MD5b6b7f1a4f07ce3deacfff31a5f7e9990
SHA1afb01f6b3338d629743b20bef4c6db8eb4f62c71
SHA256177e1e8f131799897920ff4dc7663f1c8bdaf0a74bd8e58b9931db299ddf15b0
SHA5125bd06d7aa706a5e79c480beb272bd95f7834b65ffe23ab3cb115c06cb3746faff5fb4023d3336784db65310ceb4c285c081bcc7061fb57c898c2738db5a3ee74
-
Filesize
23KB
MD5a90f12621090c1d982bb5105687e6ba8
SHA1c9fad89020fbb1ebf631628aa15eda92c2c26efc
SHA256db45b2d8f757d402f861e555183f5eb9babf159d1fdc547eb1e910c0e532bbd4
SHA512c57ccdc4db4cc356196e53b63f4ed0a2f22bf6ca8b94ff8bee3c76f4bf8e6254fbcc8c6daa03b991d6726fc32fad21354537fa6e6727d56e333d76c1de008281
-
Filesize
904B
MD594f1f1b8e94f6b65cc1a6d9b634f1578
SHA12c64773638860b86584c6987b1f589498433880a
SHA256cba4f6b15ebad7b94489c4ddf09de7e4aba17c92f70943794315d3ae2e0b614c
SHA5129b78de8508ff578dd583e802f40777fa8c054cf4e3a3c7bbdad6ad2d75e64740e2f3488951694448b82baf46d10dbe079f6caeb6dca67e1e8af96066b94e4852
-
Filesize
40KB
MD56ba94f5557e3bb638c0fee6dea2c2dfd
SHA13b1cbd50cef10f7dc1f8ef19b63869ac3f211000
SHA2564149f0d11ce49f78d7db93d77d5d72b208c47690944c79a6078e22f33e979a31
SHA512c5ad12c7114a1e30e7b33c643b7e0f2640e6a4c14dad95b0908efe675c9ef6c59550e9c78179a87801e43615551628962be862ef3d6b4dd7ab7699128713e927
-
Filesize
54KB
MD583fad83529bd5b437374e765d6cbc4b7
SHA12376ea4ab95a2371f0cb7c190f76f8972fbbc09c
SHA256c07a20df2a8a9d968a2c3c62c883080b475d077f84edb217f2ef88990501fa05
SHA512e401fbe77040726b3cc489f71a14a8df65bd1a440d5b773e2fb3d6a4cf59ae22d3f65a83968739dc413fa143141186e5cee53ba9e0bb7c9cec074988ab49965d
-
Filesize
49KB
MD5a9bcbd3ed70c28681a30a7a8b393fdb6
SHA1d5785d2b9391a18b11cd890b39f6acb0a1602696
SHA2562c5f40502b32b9e9cfbe1b823dca05ad667c03c0164983b85571f1489ce03899
SHA512fc14ae8302683a11aca1c7379d40a7a1a605a19ca26c1e20496cf9637c471092fefd52ebece76728a8eb87399102dac1496579a691ebb32f2cc28f61b6df9f81
-
Filesize
2KB
MD5b38501854d2553152a7837673e52132f
SHA1a016f8d2f44595a7e940a6bda51c722f8c0e0865
SHA25643139a39ad11f438fa7495bc8e382ce01937806ccbb92f64aa50dec29019949b
SHA5127b2ad2e39fa23ff6918c35c1e5119b55d06cad1bb8de0c4f8bb24fc54c691daee52a81629ec04918e1b293feeacf6ac20f77e7652804ed12d8d04f41c28e578a
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84