hxxps://www[.]mouser[.]co[.]uk/MyAccount/Verify?qs=XSaGJxJpLHg0GFxW8%2FHVUp2Wk8rKXuTZ5G0hfg3MDhEAwnGCAZBX4PrabU%2BDjp3ShdGbiKQ3csU%3D

Analysis

max time kernel
146s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/08/2023, 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mouser.co.uk/MyAccount/Verify?qs=XSaGJxJpLHg0GFxW8%2FHVUp2Wk8rKXuTZ5G0hfg3MDhEAwnGCAZBX4PrabU%2BDjp3ShdGbiKQ3csU%3D

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
224	msedge.exe
224	msedge.exe
4284	identity_helper.exe
4284	identity_helper.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 2696	224	msedge.exe	51
PID 224 wrote to memory of 2696	224	msedge.exe	51
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 1896	224	msedge.exe	83
PID 224 wrote to memory of 4048	224	msedge.exe	81
PID 224 wrote to memory of 4048	224	msedge.exe	81
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82
PID 224 wrote to memory of 4200	224	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mouser.co.uk/MyAccount/Verify?qs=XSaGJxJpLHg0GFxW8%2FHVUp2Wk8rKXuTZ5G0hfg3MDhEAwnGCAZBX4PrabU%2BDjp3ShdGbiKQ3csU%3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c64046f8,0x7ff9c6404708,0x7ff9c6404718
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4007374577100382704,9381575087839003908,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
77b00ee642e8906b5e4c8cf1cff693c7

SHA1
e6cc112e281e47fe74ce5b23b75babef4e2e956f

SHA256
022bb9dd4cc0366d1a1434c7a38ef8ae78b9c8eea86e29b18ebc4aabaf81de71

SHA512
42b38eb44f52ce791cb51973d5f69eddd547c12f2e3dff287bf2eabce6af4a033907cfca67d8206965abbbe317737ac5497b409190052bdaa4f3113e2ad825da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
75e2389ea8b49a03aae92a127e04ade0

SHA1
e613fb3de026574e3bbfd3471cca9a284d07a249

SHA256
7eb40e5c244e15685bb7fa91481497d1f7931884126901e67f397038a111e008

SHA512
b671d4a9d4c2d924b20d20c2853a93fcb16b6d716b171bae10b884494890ebfb04f0194c45ae622776568b01462671aa0a28b477a87cccc9a1ba53683854bba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b32b16acedc54ba20c9d61fa1d68cfce

SHA1
35f2569705ee320f8657a86b0e9c80b66c6870a5

SHA256
5c5ee90251ba8562ce351656b7d744a00bb96765344a621b179afffe604ef485

SHA512
249c6b8525d0378db948fca393a731b8a65e4eaa928e1a9a76d6274db85e63d7b614d311ab59d5654b6aed1413c8c74d77f0713eef97e7caceb65b711a18a9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d2c1d5f53fd7ad96726681f19f4e8378

SHA1
af2a5b33c56b14bcbb1250a186c6ffc0fbea6ff9

SHA256
5f40faa868985f7b1ee96af77981f501b4590ac200817220f505bf2ccd556d42

SHA512
0f868c104bbeefd0057bca1aee79530e167846ce99e2ed8662cfc1e51c101475eeca71262414404f7e6605ecab73875d18bbe8208ec037b53225927af98c9272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3c277cbbe55127f95e5a4fa2d51a2445

SHA1
de3688bd400a355c4b9b917cfe89f4b2087cd078

SHA256
ab6b4afeae3d616078458e191d8daefe769b18220be4baa4323a3dc2b4e41c58

SHA512
1cc27179f3a2117ef1c3a6130ddacba9680388a7acbb0e3576ef42fd47680f7f48e0a342b8ef53f4b63fcc5d58fb83741cb73956008223163fcce300c2863c3c

Download Submit