Analysis

max time kernel:  145s
max time network: 142s
platform:         windows10-2004_x64
resource:         win10v2004-20240611-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted:        24-06-2024 10:45
Static task:      static1
URLScan task:     urlscan1
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
  description        ioc                                                                    process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes: msedge.exe, identity_helper.exe
  pid   process
  936   msedge.exe           (2 IoCs)
  4720  msedge.exe           (2 IoCs)
  2512  identity_helper.exe  (2 IoCs)
  4608  msedge.exe           (4 IoCs)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
Processes: msedge.exe
  pid   process
  4720  msedge.exe  (7 IoCs)

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes: msedge.exe
  pid   process
  4720  msedge.exe  (25 IoCs)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: msedge.exe
  pid   process
  4720  msedge.exe  (24 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
  description                       pid   process     target process
  PID 4720 wrote to memory of 1408  4720  msedge.exe  msedge.exe
  PID 4720 wrote to memory of 3884  4720  msedge.exe  msedge.exe
  PID 4720 wrote to memory of 936   4720  msedge.exe  msedge.exe
  PID 4720 wrote to memory of 4868  4720  msedge.exe  msedge.exe
  (identical rows collapsed; the 64 IoCs are repeated writes by PID 4720 into these four target processes)
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1drv.ms/u/s!AiS9D6TfY0bgayGm_c0bFbiFmbI?e=1o8j9E
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac76d46f8,0x7ffac76d4708,0x7ffac76d4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17011814095613689419,16414900956523360054,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,17011814095613689419,16414900956523360054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,17011814095613689419,16414900956523360054,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2296 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17011814095613689419,16414900956523360054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17011814095613689419,16414900956523360054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17011814095613689419,16414900956523360054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,17011814095613689419,16414900956523360054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,17011814095613689419,16414900956523360054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17011814095613689419,16414900956523360054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17011814095613689419,16414900956523360054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17011814095613689419,16414900956523360054,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17011814095613689419,16414900956523360054,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17011814095613689419,16414900956523360054,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5:    477462b6ad8eaaf8d38f5e3a4daf17b0
  SHA1:   86174e670c44767c08a39cc2a53c09c318326201
  SHA256: e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
  SHA512: a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5:    b704c9ca0493bd4548ac9c69dc4a4f27
  SHA1:   a3e5e54e630dabe55ca18a798d9f5681e0620ba7
  SHA256: 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
  SHA512: 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5:    95bc29682db64912ebef1a78cdcc5e66
  SHA1:   1fba46a7a43747a6d6e642d6f40a67573dbbe06d
  SHA256: 0b1e791423b98adf220784980e524eefb720ffe6b8ed61696b2cd5f86cb3d7bd
  SHA512: 574a67ff2d130a94dcfb077a402b326aac05d14f8bea55207e4f48a963a567006d66bbe0d39d73b025765dd4ca12efea906f9aeb806d3f302324f4d53f70e016

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 644B
  MD5:    3d2ca70963f81eba83e8d6ceb4ddb7bb
  SHA1:   7d9a3bbd02caf7d76045254a8c508403e3ecce82
  SHA256: bb7a7aa4d6661a9a477848a65050629cf668096c0c76b3f69ca1361ccd9679b3
  SHA512: 7e966e18e853255440cae601af16133d5f76b263d644cd35e345d872cbc746891d34daf3082b2fb5e34342308399a83dede2f01b8ee4b597c8e5ad58f1c3c012

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5:    34958e0d1cc601b57c0d171641ed3f92
  SHA1:   5051114ff15b04441fe125337561b13e6633dc70
  SHA256: 21e14cf33e3e9ef4ce611607f6a487898bce6498c72ba5c8bf23492553d388ae
  SHA512: 353171dff7af193a2fa2065bbcc879db1d9dfbc23aeeae9dd0c5b2364a030ce14c6fcf83b581b4832f9923c79bd12f8c240aab447f7089d812b192cb87d0b1dd

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5:    47e629e29eda43a3ff6c37df8f8c92d8
  SHA1:   0f7e28fee8a2d833ea6a40611483eef078fef7dd
  SHA256: 22d07dcae0036e37749cad8d53b4531758a853affea3a012524993363ccb775e
  SHA512: c84cf34d74c2d18f3a9557220483fab3648ea58c70aa8a2f6110f87096caa850a8f8f6091cf84ad9aada6134b1448cc22132bd2032d8dd04074905ec1308f146

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5:    206702161f94c5cd39fadd03f4014d98
  SHA1:   bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5:    46295cac801e5d4857d09837238a6394
  SHA1:   44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5:    eddce587de97fca1ca5ae708be73273c
  SHA1:   f7e8c0367e865c7de9e76e92c7a305eb5ab7ce69
  SHA256: 4befce1358db1903171b00a8371653758e0e5f99267eb2ff2842b78067fedbd6
  SHA512: 3462f3cf121f1b6be24e842240913015496997b053cddc198e2ef4d532b2072003bcba886ef367b07735860adcb56bbeba4a8246e831fc05ed4f22a1c1422aa3

- \??\pipe\LOCAL\crashpad_4720_PSSLQTMTKDCJYUOB
  (named pipe, no size recorded; the hashes below are those of empty input, so no pipe content was captured)
  MD5:    d41d8cd98f00b204e9800998ecf8427e
  SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e