Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-ltsc_2021-x64

6

Analysis

  • max time kernel
    27s
  • max time network
    29s
  • platform
    windows10-ltsc_2021_x64
  • resource
    win10ltsc2021-20250314-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
  • submitted
    03/04/2025, 06:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/drive/folders/1PHU_VYeXO9iX46x9nL7OXEK7fY4z-zhX

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1PHU_VYeXO9iX46x9nL7OXEK7fY4z-zhX
    1⤵
    • Drops file in Windows directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3708
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x28c,0x7ffbecdff208,0x7ffbecdff214,0x7ffbecdff220
      2⤵
        PID:2080
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1800,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:3
        2⤵
          PID:3896
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2264,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:2
          2⤵
            PID:4176
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1976,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=2656 /prefetch:8
            2⤵
              PID:5264
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3460,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1
              2⤵
                PID:4472
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3476,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
                2⤵
                  PID:1532
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5060,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:1
                  2⤵
                    PID:4892
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5232,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:2
                    2⤵
                      PID:4932
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3448,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
                      2⤵
                        PID:1324
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4816,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:8
                        2⤵
                          PID:4016
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5684,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:8
                          2⤵
                            PID:5088
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6028,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:8
                            2⤵
                              PID:2232
                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6028,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:8
                              2⤵
                                PID:4436
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6316,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:8
                                2⤵
                                  PID:3968
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6320,i,7737655432838412740,16072642397995097503,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
                                  2⤵
                                    PID:3428
                                • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                  1⤵
                                    PID:1956
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                    1⤵
                                      PID:3028
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                        2⤵
                                          PID:5552

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        280B

                                        MD5

                                        6c3ba40e438b794a4630cfac27b4855f

                                        SHA1

                                        255cbd9d9013024a359b4ac1187fd0f39b89f46e

                                        SHA256

                                        44150c3a8ecd45408e7bb17ad9cd38d3191e8ffebfb8e09f9c41b8f59620a5b2

                                        SHA512

                                        344ad251942b3e6d2844145607029bfd2439cf5518fbc6e0e82fa6bec9f5ff391ecf38025dcddc8158591bd433b767126b2c7d520b7a97389f31aaff63f3188d

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT
                                        Filesize

                                        16B

                                        MD5

                                        46295cac801e5d4857d09837238a6394

                                        SHA1

                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                        SHA256

                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                        SHA512

                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084
                                        Filesize

                                        216KB

                                        MD5

                                        50a7159ff34dea151d624f07e6cb1664

                                        SHA1

                                        e13fe30db96dcee328efda5cc78757b6e5b9339c

                                        SHA256

                                        e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

                                        SHA512

                                        a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                        Filesize

                                        2B

                                        MD5

                                        99914b932bd37a50b983c5e7c90ae93b

                                        SHA1

                                        bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                        SHA256

                                        44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                        SHA512

                                        27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
                                        Filesize

                                        107KB

                                        MD5

                                        2b66d93c82a06797cdfd9df96a09e74a

                                        SHA1

                                        5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

                                        SHA256

                                        d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

                                        SHA512

                                        95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                        Filesize

                                        2B

                                        MD5

                                        d751713988987e9331980363e24189ce

                                        SHA1

                                        97d170e1550eee4afc0af065b78cda302a97674c

                                        SHA256

                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                        SHA512

                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                        Filesize

                                        40B

                                        MD5

                                        20d4b8fa017a12a108c87f540836e250

                                        SHA1

                                        1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                        SHA256

                                        6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                        SHA512

                                        507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        16KB

                                        MD5

                                        75c76d6bdf4db7a8d8332c130464f3c5

                                        SHA1

                                        5e9451d33b73dc3145393565f58394ee3e019d08

                                        SHA256

                                        3e0f268e8c87068ed90bbd9c5639c730161a40e9dbb178a1234e9c0dd739f93e

                                        SHA512

                                        fd0bcd9d33496cae3fe7167981fbbc929a968197beaed273992114aca0e104258444d49e4f684119e10505dae8fc7d0c96116bd3f3c29cab6331283511585320

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                        Filesize

                                        39KB

                                        MD5

                                        923205069d67dd14d5be094a093a0b9a

                                        SHA1

                                        6d64ecd3f94158398e3a8fe39fb6227ba72cfe97

                                        SHA256

                                        78824eafe059b51f5b789ad22c183ffad28b5cf07d06d2987d96f24aaf0693b0

                                        SHA512

                                        3e3fd436d6d61167a03e88a5b9547844f6e4ad213824677d308e5d8446487f946fe24da2f8e3e0ca6c7b1e52e9c64c3d2e012e737b957a88dc00e98bd1d4dc2f

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                        Filesize

                                        72B

                                        MD5

                                        4b9268afce1a2b5fddfae478003c876f

                                        SHA1

                                        eee3a8feb39b2406868145473d3889088227ea6c

                                        SHA256

                                        6705b04610f1de17365c1ea02908005f5aa85fc9b257daf097cbdb7098782764

                                        SHA512

                                        b479dd57edf201bb8c20554d01085ce1699c9542931bbc9ce54431974da03318171b3ad5246d1eec669fb2e3709b96ad34836a33a5975ffb9af635c21d4869bd

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e678.TMP
                                        Filesize

                                        48B

                                        MD5

                                        8cdf46f93471698940f912cb17dce9cd

                                        SHA1

                                        79731095bda90f93a640568c9b02928b9b5b1cb2

                                        SHA256

                                        c2397dbd23d53939c88ececb742eb47af7cb88e280993d6870d89ea5f52f26f2

                                        SHA512

                                        797e986b484febc75374669c762513faeb87f8566c824e6a4fe40dd55a940458bafee141ed42ac846532efd568daa7eb7061decfba772435d8751714ae558fdf

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
                                        Filesize

                                        22KB

                                        MD5

                                        858426b187cd546e87dbf3f6b4c7eb45

                                        SHA1

                                        50f93443c49b1aa2475c4682dfb2d6a3c2a805b7

                                        SHA256

                                        85f87ac7f1eb955a5b481762240e5db574758074fb925a28f212595a1b07e2fc

                                        SHA512

                                        88de34b1f2ea0e72783bcd47f0bced2bc81042c1c618faeaf18dad469469f5490403f3d1c1023fa496ea53d4fb8c7218c8df111abefb736319f1c89d2d986017

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        41KB

                                        MD5

                                        94024f2a200d78f6b065851cf5d4b924

                                        SHA1

                                        930dfb98c8b3c657d04a6d5a23d5f1d0cc5139b8

                                        SHA256

                                        f7ace8557f7a8594613545abf9967bc23c6c0d203ecfb407143a5e8ca0650a7d

                                        SHA512

                                        5e9bdf6c79e04962dd947f24bbc30e672a0c3d38adf2796c414f0baa8ff3b3d7fe9233ff6ee610971bab97907dd6964160b6ee71ced0de281e68dccf7ed578fc

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        41KB

                                        MD5

                                        655a5e94078c1d523088a8a75ab58e43

                                        SHA1

                                        42ea9667ad99382b5dd6ff70df5413ea4324a0a9

                                        SHA256

                                        e847f9d87d5b149a97228339b7ca086958a92262e153d48c296423d61878f4de

                                        SHA512

                                        8b6cee5a1e7beaefb28d2b03fd3f3556a020161f3d350aa522b32a851bfc2693a375572732a54d57c91514b27cccd216003bec4bb222fbe453b42925dd9dd916

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
                                        Filesize

                                        152KB

                                        MD5

                                        dd9bf8448d3ddcfd067967f01e8bf6d7

                                        SHA1

                                        d7829475b2bd6a3baa8fabfaf39af57c6439b35e

                                        SHA256

                                        fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

                                        SHA512

                                        65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
                                        Filesize

                                        2KB

                                        MD5

                                        f30421d3590f7a9d7eb38580c04260f3

                                        SHA1

                                        a8a2dbdabf9929b9e9b226904cc2380e947b3139

                                        SHA256

                                        c0208bf2f6aacae1ab21bfcf8100adb12bef00e255d741b90458a88859d97159

                                        SHA512

                                        6840a28a836e32bf84f1acdcee123019aa3a8d05a550d0f81ec25663bd9556f2440486a3fd6daa8d2b8f7ef83c74ee4d722d7b63a1e7e0533265051871d12a81

                                        Download Submit