hxxps://cdn-prod[.]taxdome[.]com/packs/assets/vendor[.]1ebd71a8[.]js

Analysis

max time kernel
114s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2023, 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn-prod.taxdome.com/packs/assets/vendor.1ebd71a8.js

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
4724	msedge.exe
4724	msedge.exe
4940	identity_helper.exe
4940	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 2344	4724	msedge.exe	91
PID 4724 wrote to memory of 2344	4724	msedge.exe	91
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 2656	4724	msedge.exe	92
PID 4724 wrote to memory of 3000	4724	msedge.exe	93
PID 4724 wrote to memory of 3000	4724	msedge.exe	93
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94
PID 4724 wrote to memory of 2740	4724	msedge.exe	94

C:\Windows\system32\wscript.exe
wscript.exe https://cdn-prod.taxdome.com/packs/assets/vendor.1ebd71a8.js
1⤵
PID:2756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8259746f8,0x7ff825974708,0x7ff825974718
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15569916462622995991,15881105005784672254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15569916462622995991,15881105005784672254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15569916462622995991,15881105005784672254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15569916462622995991,15881105005784672254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15569916462622995991,15881105005784672254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15569916462622995991,15881105005784672254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15569916462622995991,15881105005784672254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15569916462622995991,15881105005784672254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15569916462622995991,15881105005784672254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15569916462622995991,15881105005784672254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15569916462622995991,15881105005784672254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15569916462622995991,15881105005784672254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15569916462622995991,15881105005784672254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
258B

MD5
03c22db94b9581427a1c757fe96d3156

SHA1
e0ca31d51468d95485a2fa89495757aa6bb4ec48

SHA256
e2535f32f4e4b5d25ed2d99c5df6017804851502f2d6b2e9e31c6843dbd2208c

SHA512
2b4ba0f626b460ca8118c78c8c2fa3175eb291dce0d4ea472d4b75874f382242574f8251d3531631dc916003bf88c827610fc14f234ce37a9dcb2a3cafc79924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0eccbedfe1dab2f8c7ec05fed13f0e47

SHA1
ae7a0960ab932036c99cef2e49996793ab0e7308

SHA256
1dacbd91ec6b1e574a85f736c429f32f9862ced5b4cb49d6129d9cea7ded51c7

SHA512
5a61495abbe056dbc97f49e0f0cbe84560b5c83a4190808e4ed6928fccf47b60e23572f6cfe2d9f66b7cc1693aeec2392f81c9c669711c2246c7c6089f480260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
75e76d73a548fed764bd801539303513

SHA1
151301896b5cbf73e50b52754b715d1557d7989e

SHA256
334ae63027ebea20247a7ac07e5f46388da690ba394a19763886df3c025ac068

SHA512
7c4e9c3251f59720d04ec2920c5807a93feedc6b49b27d25d7d378c788733842db2c76f722fd6ac35bc18d1b36861fdac9664a93c41105a639bdc7f7410c2965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d5dc0cfab2e0a916f41078910f3e9903

SHA1
c6a5f9390b450fe1a98d05ebaf140e60ce93e49b

SHA256
31c7f0b5e47a5a886a1e9cd56ce9184b5ab18dff199bc2b7cd30ed9d7e9f9d34

SHA512
55935f1a6208258231c91a14d30eb835c16e9e5927d5ae89f96a6885146e15ede8a2a1432e474fa5136a215fe0bdd4c833146c7348e8ea09ae69f12778b5356c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
8b12a032b0f1f1d3db83e6ebfee3c699

SHA1
78b4b370ebb1c199de1b071d5dcffcb5157f1963

SHA256
507fed38298e768ac97db80afcbb9c8976cf626642152f4ff5eb3db1e94357ed

SHA512
95da41c422cedaaa893aed624139f40f03ae63b687922d58d46c9594aed43725e952b9c776fc20867cbd235f7bcc1e635c65d1c9ab3078c3f8cd3437c072f5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
5KB

MD5
f747b06cc07476a882e546ef58cfa465

SHA1
3be434bb9b51a03cfff7c85e3f7cc98b94c7ec1c

SHA256
c4491d370d22bd28a72cdf2f577821606d0c82e30d644b26934bd84a28db94d2

SHA512
cb1c37740ee3a795cab61793334a65a20f8647549cf9855b005d018080238fed3e4f933139a7b976c764e499962612915df6f945d9a7f573ba5dfadb7bace8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
6a5fd5eef8aab8d16924119f9ac3ca92

SHA1
d776b7421ee733769ad8df86b874d885653a5a83

SHA256
5cfcf4a3de6c9a2fa12010b2564acdfa8a43c547fc415516b6eba6f7091cf43b

SHA512
e3c25c0fd987fe2569e1af3427bf1223b237729896775d83ecaad70e4a051b4ce6d51589a4db1d80b83e66cd97ab4280df9677f0afac97c30cd76c3ce72711e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
0df8da8673e5a078c2cf66c9e23a3ba7

SHA1
50112db75122ce61a77fe010df12715fd0f33a3a

SHA256
3033409dbb4a1f3b2a4acf51451fcf59a24c43504811bfbb3d561b5bcd8cb631

SHA512
d1cda1d6cb7576da2f56e0aaa80f18ba7a3bdafb68798cf9dae090d21f4eff0297788af9c2d57996aebbb9c64289917e898b5897a5e9917efdb593395ec82b5b

Download Submit