Analysis
- max time kernel: 90s
- max time network: 93s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27-06-2024 17:08
- Static task: static1
- URLScan task: urlscan1
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  - pid 3008 msedge.exe (2 entries)
  - pid 2772 msedge.exe (2 entries)
  - pid 4784 identity_helper.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  - all 7 entries: pid 2772 msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - all 25 entries: pid 2772 msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  - all 24 entries: pid 2772 msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  - every entry is pid 2772 (msedge.exe) writing to the memory of a child msedge.exe process
  - target pids: 704 (2 entries), 1780, 3008 (2 entries), 2200; the entries for 1780 and 2200 are repeated many times and account for the remaining 60
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://krs.microsoft.com/redirect?id=lxDNVZKK
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82b7446f8,0x7ff82b744708,0x7ff82b744718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,17310048604462682812,8324838676847250477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,17310048604462682812,8324838676847250477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,17310048604462682812,8324838676847250477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17310048604462682812,8324838676847250477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17310048604462682812,8324838676847250477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,17310048604462682812,8324838676847250477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,17310048604462682812,8324838676847250477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17310048604462682812,8324838676847250477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17310048604462682812,8324838676847250477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17310048604462682812,8324838676847250477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17310048604462682812,8324838676847250477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,17310048604462682812,8324838676847250477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe
  command: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  command: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015 (211KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (543B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (11KB)
- \??\pipe\LOCAL\crashpad_2772_HPOXTUCYEFYKUIYI (no size recorded; the recorded hashes are those of zero-length content)