hxxps://www[.]mcmusic[.]ro/modules/module2market/translations/de/index[.]html

Analysis

max time kernel
21s
max time network
29s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2023 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mcmusic.ro/modules/module2market/translations/de/index.html

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
732	msedge.exe
732	msedge.exe
4408	msedge.exe
4408	msedge.exe
1516	identity_helper.exe
1516	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 4952	4408	msedge.exe	45
PID 4408 wrote to memory of 4952	4408	msedge.exe	45
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 4816	4408	msedge.exe	82
PID 4408 wrote to memory of 732	4408	msedge.exe	83
PID 4408 wrote to memory of 732	4408	msedge.exe	83
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84
PID 4408 wrote to memory of 4480	4408	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mcmusic.ro/modules/module2market/translations/de/index.html
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1d1146f8,0x7ffa1d114708,0x7ffa1d114718
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,9872919584449410711,5470191784252808091,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,9872919584449410711,5470191784252808091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,9872919584449410711,5470191784252808091,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3008 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9872919584449410711,5470191784252808091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9872919584449410711,5470191784252808091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9872919584449410711,5470191784252808091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9872919584449410711,5470191784252808091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,9872919584449410711,5470191784252808091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,9872919584449410711,5470191784252808091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9872919584449410711,5470191784252808091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
faa35ebf505cff3e625b6544fa1b3ace

SHA1
d11a4045df466df8078f3501abcacc6c0b1ab6e8

SHA256
7931bb8d019a374b5a30b8dba92af71b6622bebae8a63f47fdc6dd804189031d

SHA512
2fd3b39f61dbd228f32b4c976ab8632439fa0c259b7e802ca284547bb8313b9c0c4e47a2e53a7244546ac9b7bc2defe8259d408215e75505de51633edc492b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d75312e75e59ca172fcfcddb0bc6fe14

SHA1
93562f2c11d3277fc95f2346e2d9abc320b6987a

SHA256
1a51a8fd87cf14124e0eff35da389ed5fbe6756078ab306a6feb1b0499395de3

SHA512
ec57ac8764c25b506e490382a58473ff08ecad9a707bf82853b3b0abd2479bd26d721a20901459c1c6a5e8a2ff07be265317257d82e82c109a21eb634ec480a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
730f21e8e875df14bfc60b30720770ff

SHA1
f9673960f0ae685b54406c6ce6fea585a5387af8

SHA256
8d19e4b48ef372b74775b7cac98133adb9faa158e6971478c9768ec878006eea

SHA512
889c5eab23099b535316544012a6b19b599a6684e58e50d66b24fc1561f52652b7f8cc16974128f854d4398ff21d44e7cf24990330aa983a1118afd431725edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c3a42a0b485cb0c31d98c70379f88690

SHA1
bb69b5c17d67fc255d0a9c817e5266de9c0c2431

SHA256
c3951a06d8c37af6a18695e1a0e91a18112966c2e8fa208ead615d1c9776ac58

SHA512
362a418a2342ae52db5a4d09207281168258b006fa68c7e409d427efafaeae02df308b2bf2030851a3af83732babf5f02db1670842f5a00a7ddb36963eaef582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
12e67c19450200baba6725d3e9bd6916

SHA1
218b228c01a8e86fdbae641b2e9c8ae55a2712a9

SHA256
7cb90c0281d16d85a26eeeff131dfc5747a5b80bf188ee15127f674feb9f763b

SHA512
76960b6a16dfd7229cce30779c5c30e8e79ecdf293eba898e70942d587a5b73d7433e5f93a87fc1b226ffb4b6aca192f6f7d15471c462d371aefa356e899dd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
f3a2fa988b951a2c302f39d34f313093

SHA1
dfe09c333eff8cfb3c1b030363b15243b5a2bba6

SHA256
bac940765429e9185f481914a273bb872817fd736ea0fd881c78dc4070bde289

SHA512
9d167b237cca5ada2aa6f1eb4b37709cde895cc8357428142cd2d133e424f61bdac60f1c2a819fec16cd5cad8c17497fb68652a29941f3e3286787a596172ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cb8d.TMP

Filesize
539B

MD5
9d775b877779a671d55c3da7b7e7c31b

SHA1
957674ce3dbcd9e4a05a8e797ec41f23ce460f6c

SHA256
6110e0c29b270f5ddf473842efcc3f7697d30f2091b3baa54fa8854a1d335aaf

SHA512
7084741e122ac881a90b3cbb84c727ff7b1d95e34386ec3a6aaa9cded06b404fb359ba6ed5185ea652d83e7d8adb92c9d93deb6152db22135093d9b67dc831fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3bbf2f9fb5a07c0d3ecab387d71aac0d

SHA1
219965e13071d3decf271223a783bbce08bcd0bc

SHA256
11c419cf163ac63efd297109fa77a8c77a5fc6e666fd5225a5e0020d94d0f0af

SHA512
cc83c043f8a656d317cac953af6f394fa1cdda7d83dcc428140d8331a9386674bf036ddaf5581528230b158139b88efa5f1efb61f7c77124cf4abb984369ec97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9748c36b4be0d8ca0f1bd919668ecafd

SHA1
e5b63c1f89d14c84d3a0f07982c645d1fb0dce28

SHA256
842cd90235118596708b61cb28a2a6f0d6f4043458224cec4e6d638065b365ed

SHA512
9391f828891b15fceea009f7676f60478517c987cd5fa512db9f8aa9b08a9d981ff937ef1386bdabcb02777a67d2c586e0a142a26a4764ac8657a818489e36c9

Download Submit