Analysis
-
max time kernel
63s -
max time network
64s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
02/04/2025, 23:26
General
-
Target
https://drive.google.com/file/d/1EYaThZaxjofcUlpQ9QNvF3qq0yYlxzm7/view?usp=drive_link
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
-
Drops file in Windows directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1EYaThZaxjofcUlpQ9QNvF3qq0yYlxzm7/view?usp=drive_link1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x268,0x7fff4203f208,0x7fff4203f214,0x7fff4203f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1764,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:112⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2156,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2392,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=2388 /prefetch:132⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3388,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=3440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3476,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4828,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=4696 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5140,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5376,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:122⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5324,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:142⤵
- Modifies registry class
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4684,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4688,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=5008 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=6160 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6408,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:142⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11283⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5964,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5964,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6884,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=6644 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6896,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6560,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5944,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6244,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7000,i,9622609777014117452,11941952871163262479,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5ae987eb15fd5136f2fa707a7b1f18abb
SHA1bc4aa67ba8692031bfead4b653fc6fefaee3dbbb
SHA256f5e0e4ee660e95e1c4f64d5aa134aacf9f7fa1a9b9cfaad10f5b57b24d331d1e
SHA512fb98d55c498ab80b1f7886b56d0e652e648666bfb13c61c20d495dfb9f2e473e24821efc48f103fb0705e199e56b3e23a0bca82c0296d690104eb0d79032c0f0
-
Filesize
3KB
MD5559d1df3df6bcf9209013e0f79ff8a26
SHA1082655ade2063722c3724ca665d25b33d0d6f747
SHA2562b22e60c1bb0e74055852d0e391415d3fd572a2dbfd5ca427487a6476e5503c5
SHA5129f2e180d1a8a0c273ce00cc20a001b7bd5d9d6a4009e3a754866ca01ba5bcce1e302cfd7c81122e6d7f51477be9e82d1656e40a45b56cf66412e2bd65a3373b0
-
Filesize
3KB
MD54f4c3ab542b7802a2ac114cd8ff9cbd5
SHA1610dcc2a1680e9f9d5d6a1ab5bc33b5393fdf707
SHA256645bb492e4038f0243ff4fff3dfa69e0c639bf9e28042ce630348ad4aaec75cd
SHA512f98b99027d53079aec5c29736fb43471ef00a16b98f53386ee8b5c907d51b25301b13e2f4d6a1f526019ced6e1b50ea2da23cbc8e66b1d3fc3dc8dc30687c813
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD52b66d93c82a06797cdfd9df96a09e74a
SHA15f7eb526ee8a0c519b5d86c845fea8afd15b0c28
SHA256d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954
SHA51295e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD5ca4dbb477eed62ce81679c50f166db7a
SHA1955a006e9db1f279bc00bfebeda0c96466068d21
SHA256589f5121555c199ca8751b9e483740ed1ac2637d8e8906d1e7c60cb912d7a533
SHA512d266ac4637d1fbabb5b9409b1952ed4a95bb11d20dbc4bc2fcab6c7ff14db574331677f035e6517f9088c333e13ea3399d661ac713c0b02590d53d97f335249a
-
Filesize
37KB
MD5a5ac7dc6640f31795311e8deba014638
SHA10bc4404ead98e9440025b19a15840059602c7a74
SHA256c4fd741d7c66a033035491348167e677c6deff7cda060bf6fb5f4967b301bf96
SHA5126d6e1f52a6b71d09feae5db423865111ffd7f3d7c08a8c1431bfa8353666cf6694b3c24181ac2044f36348651bd816ca879df3b7dfe5e9ea986000d195253040
-
Filesize
22KB
MD5ad6fb78b88c6c6e069e8a2b49afebbea
SHA198d13bb1e5cb53d01847c492e07ce6453fb0561e
SHA256bd45726d44cf648faa3757505122b8a8786bb558c46abb096bb516551d6790bf
SHA51236bdee8a624dbe34b795dc7bdf89e52415de9bb29f27b4ea26813666480ee01363145a7532e61a9dafec6426cfd6a9343c8e194284c8dea5a7db01c5b688f695
-
Filesize
900B
MD5546cb7a87d20c96e04b2e35890e1a13c
SHA130344b09ce87de0e1e32b2ecc0574175960b9e3b
SHA256e0ff085cfc1237ab5602f2f013e88a0ccd5c59f06c870f65e62ff7a15dec9bd6
SHA5127f2cd8678b702aceb9605a75098b5b385059df15790125f539a34d4abbfeb5fd01b94bd83997ceca3997ab0ef6a7eec7890f7539374c274fbf9c6a7fd15a6a92
-
Filesize
467B
MD5fdbc9a86f56a33dc7d73df04e230c35c
SHA178a14afc7fa00ee316e6b52d75c14b2ce60e152c
SHA2567e3a7d8fb6bb54ec6f44a7cfdbb36573d47fba33f2bff2dafbcb42bb8c8943f3
SHA51267019d322d828df531dc686a927a8c3eb255c6b4c8beb68598bbe37eb9f735a7e7455dda0691bfc3f5002316571c2f0535cde73ff389883873c3456b271107cc
-
Filesize
23KB
MD59e5ebbecde5d0cea52c962fdc02c29b4
SHA1a943aae0848c7f9393d566028990e49afb53ea7c
SHA256c29588773b07b4822a3f8ae9594a96c5925e1aafd8090595171e18b4012308d8
SHA512e56ec3fa1223580ba0deac6bd386d94ebea9c2c6d41bbdb700197d141d15aa0a5a146faa5c4b266f48e05742023e5d1640d15f4ba387a6dacf760368d426b832
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
41KB
MD55c01b9fc55c0959c458c0863fda956c0
SHA1c9198639ffa6d1b8708ac94e809069ef201fd20a
SHA256af37e8786b4e2cf4b9645a85dce26ad1aaf38df4043be3e1000fc1431122e92b
SHA512803a4786bea4d74d93ab9558f7a51fd54bfce12cee7e5f20d955567e6541006dc1e528109f177572b96ed7719fe16daffdb178f171a1120a0cc43c46cd5307a8
-
Filesize
41KB
MD5e72d8fb5d8a40c6943efbf3feece9b81
SHA1f8018fb2c1cf0a379b03ae424b1804d585af2219
SHA256f4d10a094a5df9224eb2b02169e35e7568dbff7f0bd90bc2c945944bc17e34fd
SHA512064e3ce2e4ba1c06d7dbdcdd7edced2d3d0f16eb30ba2a6eefcab72f1e967f45bba21bd92e906948666b8cc2e8393b7cf795257e13e78d85dcf5c45641cdba61
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de