Analysis
-
max time kernel
67s -
max time network
68s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
30/03/2025, 07:07
General
-
Target
https://i.ebnqbngnaw.ru/ghsdfjhiwet/mvuwherk.html
Malware Config
Signatures
-
Drops file in Program Files directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of FindShellTrayWindow 33 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://i.ebnqbngnaw.ru/ghsdfjhiwet/mvuwherk.html1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2b0,0x7ff92e23f208,0x7ff92e23f214,0x7ff92e23f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2448,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=2416 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1908,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=2596 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2440,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=2604 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3472,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4816,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3764,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3752,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5492,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5836,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5836,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6044,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=5976 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6060,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5736,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6444,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=6496 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6496,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3892,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3516,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=6928 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6832,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=6524 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6464,i,2593562090534207343,1248432998346656233,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5df2d1721cd4e4eff7049314710dc7c11
SHA1f5aed0158b2c0a00302f743841188881d811637a
SHA256ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93
SHA51211fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD50cca218b3bbee820a73d459012633f76
SHA1049c923f2bee847b9c7d33fa72e67c5d36a189d1
SHA256cb685e1d3b7d48bfeae963fd08cd70c39969c4c4901293a0d23735eb369b81d9
SHA5125886d6cff4422c608aaea4519632167ebe7a7836fc7064834d402a9c0381c5fdb89925ebeaab8381dfee378baa29b513a1a3b8feaca593e7fdb02663d084414d
-
Filesize
36KB
MD59a8a316ec2d7ae2a63212fe14ef38472
SHA1dea6fb29f32837066e4e0dfc32c42e55cbe2c198
SHA256d8b43486611ccfe63c45924ed1ccb5fcaef0dc6ba90d3e274cf87aeba598aab9
SHA512b954739de717279d82b09bf8a6bd133b31f81d61de6d48510375844ead138410c058c3d4177a0305ab531a8e10a19a8d904d2bdc05c7e1cd8048b2afa3a91a0d
-
Filesize
22KB
MD52e10a9bb8aea3b682f94b5b3b9e33698
SHA12998577f5fca5f398c9102d1b1a1379f76f20f54
SHA256e09b056b7c9a2f02a9c474aed9dffd9ca93b7042b55029b656a36c91f1dac9b0
SHA51274886a5cedc9503c8d62c604dbe1b79c4981a9e71ae91ac88ce82fa47d5941c14830c6dc1e02ee245cb17285569a60bfa8b5f4b3c110493ed6a67032b99f19d1
-
Filesize
896B
MD533b437c11fae80c5254687ed2ddc0365
SHA12cee1a97be2cdd34114de1b314f93c0bf691581b
SHA2569f16d59a9278b2f5cc9489be1ae05ceacd998edb1f485d135568cdcd03c44a10
SHA5124b0ac1775379e18625095abedaf15c3c841bad960076acd9ec9426919db6849a9c582032118ab9e1a450dd7210e60c4756a9f07eb524b3aac9e338b9ae1a7f31
-
Filesize
23KB
MD58a1c468bd9573ba31b10b77a68db1e25
SHA1b107afaa2552a2c7e649932b51f50c5be04a78c0
SHA256a0480e0af97c38138949e4c6ca05e4f12e059a63c6dfe5e3d4eb6e7c567130ad
SHA51205ff58291373c970cd8073d92c3134b1b0ead7f6d16cd0e8f1c71687c8dc9628002f8ca8933cb2ad2da918a22b22ce87d87fa3bbcec4fe31eb0b2d50efb59243
-
Filesize
465B
MD52182b5d4d5e9cc4f36a4a9438aa724fd
SHA1e626986e6d7372febd4a302cbb8b161a35313fc4
SHA2568302925e3498bfcfd29cadca273079856ccd25811f9e79a6cf8db8654c2bc414
SHA5121511c6fdcf0108a3c8e5eea13b2853c52342cd15bf25d0a1da041882bfd75d766f1a0e38c07bb3e300fb2fb4a680a6f6a3c3e9999f598149fc6763b2de783ff2
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
40KB
MD59d1465d14f355f0a331380dee1eb1497
SHA1ff2050ee45ddd0800290e1ae281c4898081cb349
SHA256537a9b860a03d768592f64d8dc96ccf7b527fbb7387ff6f97579d20a72807b72
SHA5123c005d480e291503f64a9888df563f09ecfa1e8d8f098c23448d5abeefbee53787ffdb5aa7696ef6e17d83e923693f285ff248024e8820df62ec33c85a322a1f
-
Filesize
41KB
MD5219781512b7e21d74129fb922514a48f
SHA18311e02205b36b046c08c3e1139ef0c4cd38d346
SHA256673684afbac656c8a4856e93ae7f32dce64e50d4edbb4a76a96864b222e403f9
SHA51279b68e3bc47155edca0348725bc6991dfa85099e811962be27c7cc9f5a1718f304f0660377bccc82bbc73ad699fea60305aed54e3cf71d75ce78e9d9c6886725
-
Filesize
392B
MD5fcb77b1d5593780639c91da8245007a1
SHA1ad21d01634c0440a85b73614bf548d283b1ce5f4
SHA2566fb5411fd40ac20ec55b0029159f521de95b657f9c1aeb51038baadf81353196
SHA5125e2d225b24011b530e7d0bea677084f01c29ab65b3462a4da9ae92b8f0437dd2eb5dadc4f8c3182297898dd60d0704b0cc10ef1afd1edfe1257f24b54872d569
-
Filesize
392B
MD5385b9454f659c38c11e3e6665c8f5b10
SHA1bcdda82c9b7277f6882774730f9b46f8dd35c450
SHA2561ff24905eec69bc61eb88768e4ba785d6ae860a7ad88140c4c504aea93ff01c5
SHA512f10c6c8813b7f6a8a69abe5ceea2725fd0189522a787d0ae47fb99fa94f2b8cf426f9e82ced18f1e6cbbca3e3ccf18640d47ca2908bd9bb83c3b3c0743d0a1ac
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
2KB
MD5717c391d3d1bebc566674235b0e5b83f
SHA16f964e069dd4cb9f2a20825de437023ebd21fd36
SHA256388d05857a2502d3827d08bac9a3d2c244dff95cd387bf53a0cf1588e5ecf4ca
SHA512f096930cb9b84c45380328b783fd67a4a7f22d9770662d7279906e6cfbb44e352cb6649d52179085f841adaae0f318aae6a8c6f5647b24f54a0ab2036cb69882