Analysis
-
max time kernel
4s -
max time network
5s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
30/03/2025, 21:04
General
-
Target
https://prem-01.uploadhaven.com/92/application/zip/g8iMneY94mexiu9tzDPsjiZ1XaAddLMjBPgMYFgg.zip?key=4IZKg8bxCc-81QPkaWl71A&expire=1743625426&filename=H3VR.v133.0.zip
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://prem-01.uploadhaven.com/92/application/zip/g8iMneY94mexiu9tzDPsjiZ1XaAddLMjBPgMYFgg.zip?key=4IZKg8bxCc-81QPkaWl71A&expire=1743625426&filename=H3VR.v133.0.zip1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2b4,0x7ff9dac1f208,0x7ff9dac1f214,0x7ff9dac1f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2180,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1888,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=2908 /prefetch:112⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2352,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=3056 /prefetch:132⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3472,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4008,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4084,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4076,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4212,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3556,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4944,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4916,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4844,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6048,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:142⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11323⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6284,i,2748793238550206593,15844289029137780684,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5f0bcf421890d71de9ea5d86618e123fa
SHA1e713a6e01df1063273b045879d8130e30b60a52f
SHA2560e614b387317998c86335118e9a94ca75d78c3799bea33a41b9e1197b392def9
SHA512256093a2f7cbf0050e221e2eea5ac92c59cca8be1a9fdaa0271e98ea556aadf6e2a8bcacc5c97fadcce5e2e606680a95b2130c2c0e8507f2c827906b1d250a72
-
Filesize
280B
MD502cf1313b32a8ab2f031cee39bee8fc3
SHA1861cc0ab9ff881460dd6433e37075b822aac9355
SHA2567e7fd13903a8d57f314d9e7dab6fa28975050b63f045eb315e96cccaa17d1e61
SHA512f5464c94391bfb590f6755c2ae6896dd459a2a93d778601caebf272438c2ff127ec5de81dcf8efeec65a56609558477afc7be1c4993977a18fde7b915f7a8700
-
Filesize
280B
MD58165d331a65e980c7f75dba657342854
SHA144967c0388744de38b07e07e3a9cb174854eb7bf
SHA25608d7b1fa1c3cdacb73cb9b34bb51a0516bfeac2f10ec54f2f27469d1c97820a9
SHA512ee23180ed03c5042d6e6343ac2181a6d9ffbbb775e1031222e46b4a61eca4f1caf2dab50269271a07b284e270195595c91ce8c43d4cef77c8873845216546e54
-
Filesize
3KB
MD51baaebe4a745f6ddddc78ac78cc17ccc
SHA17b283845f42adfaa0276ebe824e378fac406628f
SHA2560cd81ec0a0d7f4d42064f8162ede0393fbeeffefe8396a5fc77b95baf69bd178
SHA512131d9c061abbc1da768f8a9e7e454e481bbe743ef5f6560824fd20c2c35265ed1fa5284da0995be3927228587f910b30b4ace0df5dcb9faa0e9587b479a65b24
-
Filesize
3KB
MD5382d816cf26420b566a1cbaafffc3456
SHA18dfdc933d01dc165687202c2d698bc3e6cd65b8e
SHA256e6f157d1048e46e3a15d031a65435ff5b5274ac6a4a9127637a1c78d9288cfd7
SHA51292cd4e2e0d5daac88cd547e2a280a8bf2c7f19bda2e847d45c400f52165687d725731cb5b12110725dfe0959fe0297ff2615c3c27db1c21c692a69a283bafbab
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD58ad8ae942b25c16fe9cc8d835801d6fe
SHA1334bd25072e070657a40b0b245f0ee81b53f6c0f
SHA256e2c9de2f04987b2c06451a011c1ecf82da17f54e21d121e89ccd6d409312a18e
SHA51265d19428003254340907c82a7438c08e9af86226ea2c9b1ab82121f5ac71ac560f5f8e7075020f37ed5990258a12ab79f4d447da63f6a9b14ff1b35e41a28dbe
-
Filesize
13KB
MD52a8084f213e783a4e358b188cc0ca8b7
SHA121a4c2319ae92f7f5e085f15adfd68cb3c39ea15
SHA2569252e2168c20767290b499fb8da302f1d3110d5e1fe8115581c9d9cc789b4e56
SHA51232eff840898895d40c5cbac183f88f14aa44aa8397fc1951279b1157fbe10e9210701e9f44f968e53db65d94edff05064492e15b31571ea146c1600c71d99c11
-
Filesize
32KB
MD55b2a377b895da3738d74dd86473e386a
SHA12f697bf5feda0ba90c459fb5165b577ff827f4b2
SHA2565da5ae8c5de1825f021f0341db9e418946f8b15a9b1f7371ec4a8f33c5b491fe
SHA512ef32edcc582f1e0483a32f1a7d9ca7a6eb439c35d60a678989241c898915cbf1f9e67fa2e67cdde705fd0479c8926a9b90ab5db17edfc48b7ef94fcba54bc09c
-
Filesize
36KB
MD51aee6fc220f387906cce53277efcc547
SHA170686f74d0d4a0ad6e9d751784a38acd75dcb0f2
SHA2565c7a1aaa0887becf58218a6f605feb289d7756a33c22a2f9107453a17bb25689
SHA512816a53287e1017803cca998dba5d02e6851ccb8796d97b24a1dee18eaef62c4178de7cb9d0ec9bfa3b4160858cfd2ac501f6f84d038c1f134bf485de21cd2e98
-
Filesize
6KB
MD58411241562a5404a894887bac9d60374
SHA1550f6da8a203793df12e7cf6c9c8f9133b01f073
SHA256a747e0c30ccdb4506e940e0e5c380527f80d4fc63467dfb1406c1d270dac1bf7
SHA512bd22c5d755e0290e3cb8b1d8bf16e25eea601a615d11b05f8d7893e07879fb8eb5ca107e2d5f1c74c644c63a99e95d41badc288cba90386f0326375a6533fd8d
-
Filesize
7KB
MD57a8c1242f82083fcb0d92c51f6543024
SHA18cc3602e1b79bb2f96cfe72874a90e64b8853efd
SHA256abc0bc19c570cc90a989926ab4da8b592b7ea4f60256c06fdf4cdc38528a2d23
SHA5120e62278e624d076b7d5fa7ecc202339eeb171ad401f6654cfd906e97f467b85cf45dbbefdb297bfc0373bad21c74881fbb1a95c5aafd4fc806649c8956e5da88
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de