Analysis
-
max time kernel
66s -
max time network
68s -
platform
windows11-21h2_x64 -
resource
win11-20250410-es -
resource tags
-
submitted
16/04/2025, 08:56
General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTNTS1V0bDdKNTZVbmljSExkcUVpQjBtOVpNUXxBQ3Jtc0tuWVVjcGZVTzBqMHo3cE41bUFlckdSRUVHRU93WjdwbUo1dUFrUUNxR1htUzlCdktsT3VodURGdmFMYWJKbXN6dFd3cFR3elJkcXRHX0lOUFFCY3FYRzBBMDBiREpfdTR2SzBBc3Z4S3J4MV9Xd295WQ&q=https%3A%2F%2Fenderman.ch%2F&v=xwJJkvIsEJQ
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of FindShellTrayWindow 9 IoCs
-
Suspicious use of SendNotifyMessage 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTNTS1V0bDdKNTZVbmljSExkcUVpQjBtOVpNUXxBQ3Jtc0tuWVVjcGZVTzBqMHo3cE41bUFlckdSRUVHRU93WjdwbUo1dUFrUUNxR1htUzlCdktsT3VodURGdmFMYWJKbXN6dFd3cFR3elJkcXRHX0lOUFFCY3FYRzBBMDBiREpfdTR2SzBBc3Z4S3J4MV9Xd295WQ&q=https%3A%2F%2Fenderman.ch%2F&v=xwJJkvIsEJQ1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x350,0x7ffc65dcf208,0x7ffc65dcf214,0x7ffc65dcf2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2200,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1824,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:112⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2412,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=2460 /prefetch:132⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3448,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=3468 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3516,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=es --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4836,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5040,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=es --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5044,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=4696 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=es --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:142⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11283⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=es --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5804,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=es --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5752,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=es --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5752,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6024,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6564,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6304,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=6520 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4732,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6580,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=es --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2016,i,731443690340154254,5378950658888784423,262144 --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
Network
MITRE ATT&CK Enterprise v16
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5a7cbcb2946bf62ef6dd2b7385df01b8f
SHA1fe2419699c98f7b16b9c727152b5f5ea6aa6dcfa
SHA256f1581ae03cbb7152182feae33e7e2cf27069e9b84f1840dd246903fb4e1339b3
SHA512a59d9d2b3fbe10b3b54f6950afedac3009077a44b5133ed8b354a75fa1ec9eae6e59d528e9784c8604cbd1be08727f3009620ed82104d7eeb537cea1977c1bce
-
Filesize
3KB
MD505ac44416852a58d305173285a83a20c
SHA1e6154b454c63db2614f88dae999889714510925b
SHA256583a3ed0b836a5d7609eed7f509af9c2bd3d5f219e2a95e2b59022dda207a114
SHA512cd08c569f73ab6dd767aa58177655fc59a159d926f3394461d92b8ce6b99fd1e6ede2461dd02a34cb6131bd2424c4ba4454dc71b549383b1d0cbb97d879e2d0a
-
Filesize
3KB
MD5b748b62abb950c4f2057d7137160bd07
SHA1c325094f8cb9c02215e5dcf10c389ba5c39f8405
SHA256c1c1032d8ca39a85a916fa59ec1d11772989d348056c0901fca909b3895f8021
SHA512a22efb2c78501335aad49e36a2539f2a8ff674f522208b62de4557d4463959d34566d2ad95cf23c759969f0ddd6d4db86a0efaa137db46cb7781299865abd82f
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
108KB
MD5ba4f41b7fda0f213c7d7d5b88fd57038
SHA1ae4542fdb858e4af0dffc32bcde1b4e76e1796ca
SHA256b23c6ab80b6ccc32e0412d27dd754b5dc0457cd57990c0998f9b1bb1fbd532c3
SHA512e630c96d4d49f0c050de922b4d0ab5bd4103b6f7d1425fcc8211737980e2200b20857efa1b9e7b881632e85082f88ee5b63e03f78f0ae29fc02290fab19088a0
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
411KB
MD5fa9d6b28fb1214653c53f685295b3ec4
SHA13dd8bbf788e8bf66620ac9be96f4d0ce84aa066a
SHA2561697a697cf927fdeb019b39b55942656f522e38f7f3885bfcadfa8dfec4e0e95
SHA512e03e2b1eb5454ba1883528a3eaadcd600498fef98831e223943006ba1284f8a96e5f4466134c4a7a7528abc655745549c526e456851d13734399162929fc7725
-
Filesize
411KB
MD51e9240bb72f6bbb034473208f57537df
SHA15475dee3ed44ddde1bcc1e5988940e28703c950d
SHA256e6defd4fc8dc330babf4d39c889e13052ea6f6221be54c9162af81c6a74db0cf
SHA512b6a8fcf965bfb733bd704bed48049905a73e9beff7ee5c32048b8c7b2bf0fe828141e1d87fad6140a4497d04109940bb2660f1f4cbb715d9cc16669bb6063486
-
Filesize
37KB
MD54595f2ef9666be0640ed5a036a6e84a8
SHA15bd95b440238d7fb2729936bbb5c455546f65830
SHA2560bfd3388b9ef6e6ccc85ecf28a1c4923ff7533530c0132ba0da7028fbf9d68e2
SHA5123e4937e7c218e0c2f381a1f83216c2a51b8198f5317f5f3442f6fe6389f7556250b954c477243ff1e9329b58091e604f8031118bb9bf889de672f6d7cfed58cd
-
Filesize
24KB
MD5d55c7dd354197a7db65fefd894d3a631
SHA15e366acc7a788270b714b05b4420b4f6b2fca605
SHA2564887daa1415495a9fda5e33eb775b93730ac6db93911167c3d99a1cad36cdceb
SHA512d80912e12c2865915eab976070e72c59726351457ed6bbe12fa1e10c22c8236f33de2e9f7133ac0eed9abb9aa87068a0c670600ded56da15c57569311652623d
-
Filesize
22KB
MD53f8927c365639daa9b2c270898e3cf9d
SHA1c8da31c97c56671c910d28010f754319f1d90fa6
SHA256fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2
SHA512d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72
-
Filesize
50KB
MD5207df4b9b208982196a2560ad4bbba14
SHA1615106160bcc12a19250d7ce0a48ccb8b10a61dc
SHA256712cbd7cbcee493a6c1ebb8b6255fd213e85c35111f3e03c5d8a7d6dcc8d85c9
SHA512497a2ba8fc5018f5b40c8832b2e013c55c899e9db6b1071e1c62afe0a10dab914ce2bb9376e6698523b106c3503b22ff118fc773b06999080e62915ce3f85534
-
Filesize
41KB
MD52281590b5b586ff3ae3055f287733a2e
SHA11c50ca9ec1641a6dbc70e4b9d1c5dfe5c8b3e1a7
SHA256f1a203402cd65f85647d0e68ad8d652e93ecf484333f32d50fed3e40b0c668d8
SHA512848821cf8fe3eac4db41eed21d6d386d7a11ecaec1caf093f3420aada749539f6599b8fcb76113d95d06bceb829f5cbac54ba4e02b219373925e8a6e99205f70
-
Filesize
41KB
MD5ecfc88c9aed46b5fcf6ad3561c1eeb4a
SHA11d54785f7b83800866cf7221ddb4490e69a6072f
SHA256f712d93c09f59fb6d9db286363c55d7af79908d0bd739d1dc7f110b2828395db
SHA5120c77862c3db2b2fa5537d55a3f3a1117aedeaf57320326e7fddad91c02884e1659c98b689aa54ef6d42bee7e76eb3452ca4a367018e5810de478392267696eb6
-
Filesize
50KB
MD51213d212a2f86473875e1cea48b2dcf3
SHA1f22c759c5d884c477c475ae1ce0df821b10ce544
SHA256be2f6ad7844e4b1cd6b1cee51cdbc10850aff742ba783e678f58beee05f74ae2
SHA5126040b3ee63af8c8c09ed78bea80c8fed349da912442fa1f5ca3948b1fa0aa21def03c02d59774917d8629a01d9c2f1b87777fafc6a3b356d78583dd4643a543f
-
Filesize
392B
MD5a3d00872f47ad6162e0497bebf6314b6
SHA1fe67cb0f9d10e8b0a20fdf53bc6ba2100ad552d3
SHA25686d8f277e51811ebdd3617f417e409d037fdb1b0ea9e5eeb19327c2a1b2660a7
SHA51212477eebd7b05e5efd88f596687ccfef9bff69d3bbbfc3cf41daed0c77acd1eae4456fe2570ba51bf27805eeb16da07e70eb22deb34937e2d4ce256b0adfcd3b
-
Filesize
392B
MD55c0381fcf1ad2ffb468181accbddabc9
SHA1fca1e7f6da44b9e9163b83376c17c49ae1e46b77
SHA256e91bfd23e4d711177f4913767b9e5293f6298e728a4e2e221c09c5c2ef6235d4
SHA512126b4d40a225a6a0d71a7ccdf8f2bb4f0fe597441d5ddbb2452d3474513e1ed6261ee9e486659e66b97da57fa885fa1773d10c5b48d8f37bdc39f0e9f003dab6