hxxp://www[.]claimlookup[.]com/deere

Analysis

max time kernel
30s
max time network
32s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2023, 08:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.claimlookup.com/deere

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
2948	msedge.exe
2948	msedge.exe
896	identity_helper.exe
896	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 4724	2948	msedge.exe	55
PID 2948 wrote to memory of 4724	2948	msedge.exe	55
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 2952	2948	msedge.exe	83
PID 2948 wrote to memory of 4516	2948	msedge.exe	82
PID 2948 wrote to memory of 4516	2948	msedge.exe	82
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85
PID 2948 wrote to memory of 3868	2948	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.claimlookup.com/deere
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3f1946f8,0x7ffb3f194708,0x7ffb3f194718
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9103494876113881047,17137078107362800848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9103494876113881047,17137078107362800848,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,9103494876113881047,17137078107362800848,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9103494876113881047,17137078107362800848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9103494876113881047,17137078107362800848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9103494876113881047,17137078107362800848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9103494876113881047,17137078107362800848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9103494876113881047,17137078107362800848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9103494876113881047,17137078107362800848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9103494876113881047,17137078107362800848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9103494876113881047,17137078107362800848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9103494876113881047,17137078107362800848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
f37618dbfd47b938645355f847b4f005

SHA1
aed63da8cd997544503f3ebe2dc5d626974d4101

SHA256
0442187fcfccc8d3f9b63ac08bdd1b94a5258523a553576db58c42739dbe07c1

SHA512
f910338d751ad5025e48aba1b6c90aaa935a9b89757dfdb97e8c8dfabf896c9ab54a39218f7f11d27889bf97a1029028c7f10639b10cc5fd1ef3648c3a6f6502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b5b03adf976a064a5d50a009ba9be89d

SHA1
f04e22072a672ca3d9def76e4e767fba148c4eb2

SHA256
fe4a23d9eb385ae6fc7c488c7d7c2e9b34ffbfc2a5aa5ccfdca0d767f51ff902

SHA512
41a3623208d54f57b822935745b8c52f1fcb4eb3e3c0607e32ebe26d037dfa40f2612bfd8751c4e75f44d1e7171b80d6c08e61349a0a1561e452b62d587505b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5b2ec9650479704ab00acbe9353b6f75

SHA1
2656b020701d2af336f536d0abd8cd58cb8b06a0

SHA256
6c62485b9255f308137c86b36c1e90a6340cb03a3818316f5b40f6eda4f6d41c

SHA512
d5eef48c57c5fdd9437d87de9630d90d051618d717d69bebb62295aeb02af340affd8862ff26f4c57763567e5c94306980f3d5ac26cff67b44b1e8eadd0f4c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
29213338df67d29d6454ee5d61ad3970

SHA1
8c69ca76a2e639060d5ce835a9600e6ea3764a83

SHA256
d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51

SHA512
14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
aab4093cd0f82fab7d0e5424b757db3c

SHA1
f308a013f1f1bfe879064fa380fdd7955e237b98

SHA256
1bb788773d3394d8b988908f88c388bf571e0a473ddc7158ed81e527da8aec2d

SHA512
2afad80d34feba4c9be241a5f1d7de92d010d5be37bff4b2a1780d1f957d7b079557ff72c6009da20e1503c495d6f1a26f4352ec2d12fceffe7a3473605c0c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9f44ed9cc7126ebf6c098e9b09a3019a

SHA1
731d03f719643bfa95b066f5bb8d19457e23da9a

SHA256
f14a55fc1b09ce2c26f2a0fee239bae1bda961f124e81d176ef962ab42cc5964

SHA512
a98a93f88b9abb755dc934808905810ec05647d39b8a5539907262292e4fa3f91e27fdf45ea81f320e9c417f9ac3c13701d769124f985558439a14cdcbaf258d

Download Submit