hxxps://u28414122[.]ct[.]sendgrid[.]net/wf/open?upn=y52NfNZJFC-2F8HOnfTR8XaHw11Q5j4xWdKv0bNM8-2BMBuk1HEISg6YT2vubYQVMy9zn7-2BvApBKMA7hFpe2ytv2e2ttb7StwoVcYj-2FXyIaAqKe7ykTPZyFY6SiuTxd4gEWUnR6-2B6CaQ-2BF7w8enbxMz4qm3vqjDagtNARxAkMmTgowO-2Bxywwce2q5DOUFjoGVd-2B-2FHuNoE-2B55I5XAsnwKW9PjSwu4y3X9LZZoILHzkBxePHuPlAGhTAdBE050Cuf2L-2Fh4wDo-2BSJTdMR5ILoj8TwZUpmBvt7bkD7G9MeKPKwErEN1dtyXFCykiOEhWMHSGTezZAo8duvchxzg9opxxMBKx576RUYFoKXLCjX1sBRq9mTCt-2FhI045spKe7IhoJDCi-2FNil1IZTwSUGAhWsehx-2FMnDB37u94GnFdCMToWjAsbNSxhwm1iThw7rT0N1DqUbp4E

Analysis

max time kernel
62s
max time network
61s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
27/08/2023, 09:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u28414122.ct.sendgrid.net/wf/open?upn=y52NfNZJFC-2F8HOnfTR8XaHw11Q5j4xWdKv0bNM8-2BMBuk1HEISg6YT2vubYQVMy9zn7-2BvApBKMA7hFpe2ytv2e2ttb7StwoVcYj-2FXyIaAqKe7ykTPZyFY6SiuTxd4gEWUnR6-2B6CaQ-2BF7w8enbxMz4qm3vqjDagtNARxAkMmTgowO-2Bxywwce2q5DOUFjoGVd-2B-2FHuNoE-2B55I5XAsnwKW9PjSwu4y3X9LZZoILHzkBxePHuPlAGhTAdBE050Cuf2L-2Fh4wDo-2BSJTdMR5ILoj8TwZUpmBvt7bkD7G9MeKPKwErEN1dtyXFCykiOEhWMHSGTezZAo8duvchxzg9opxxMBKx576RUYFoKXLCjX1sBRq9mTCt-2FhI045spKe7IhoJDCi-2FNil1IZTwSUGAhWsehx-2FMnDB37u94GnFdCMToWjAsbNSxhwm1iThw7rT0N1DqUbp4E

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
544	msedge.exe
544	msedge.exe
2164	msedge.exe
2164	msedge.exe
4860	identity_helper.exe
4860	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2128	2164	msedge.exe	85
PID 2164 wrote to memory of 2128	2164	msedge.exe	85
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 3268	2164	msedge.exe	87
PID 2164 wrote to memory of 544	2164	msedge.exe	86
PID 2164 wrote to memory of 544	2164	msedge.exe	86
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88
PID 2164 wrote to memory of 4184	2164	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u28414122.ct.sendgrid.net/wf/open?upn=y52NfNZJFC-2F8HOnfTR8XaHw11Q5j4xWdKv0bNM8-2BMBuk1HEISg6YT2vubYQVMy9zn7-2BvApBKMA7hFpe2ytv2e2ttb7StwoVcYj-2FXyIaAqKe7ykTPZyFY6SiuTxd4gEWUnR6-2B6CaQ-2BF7w8enbxMz4qm3vqjDagtNARxAkMmTgowO-2Bxywwce2q5DOUFjoGVd-2B-2FHuNoE-2B55I5XAsnwKW9PjSwu4y3X9LZZoILHzkBxePHuPlAGhTAdBE050Cuf2L-2Fh4wDo-2BSJTdMR5ILoj8TwZUpmBvt7bkD7G9MeKPKwErEN1dtyXFCykiOEhWMHSGTezZAo8duvchxzg9opxxMBKx576RUYFoKXLCjX1sBRq9mTCt-2FhI045spKe7IhoJDCi-2FNil1IZTwSUGAhWsehx-2FMnDB37u94GnFdCMToWjAsbNSxhwm1iThw7rT0N1DqUbp4E
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ee146f8,0x7ffa7ee14708,0x7ffa7ee14718
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,7968322286583479990,2601944438452872501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,7968322286583479990,2601944438452872501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,7968322286583479990,2601944438452872501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7968322286583479990,2601944438452872501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7968322286583479990,2601944438452872501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,7968322286583479990,2601944438452872501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,7968322286583479990,2601944438452872501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7968322286583479990,2601944438452872501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7968322286583479990,2601944438452872501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7968322286583479990,2601944438452872501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7968322286583479990,2601944438452872501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3590c7788f1f36717cbd298007259a6f

SHA1
9e9a602016435a1d642e18a54d8d6589f938a5bb

SHA256
09a08de2fcd19e304c3b8f6e04f5e4da257a3f18759827be4e9c6af862412174

SHA512
07df3ee7e2d4a313c996c6b8451450556a75e5ac8e4d10595f255164fdd25d6bc596ad579d90f6496c78a15a3c6fc349d748dd7c5f4b2b51d330c52577e2988a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
11c91e74fce7260d1aaa92ed0ee8f40b

SHA1
9956ac1d8c0df69c1c8bdefc67a0ada7d2ee8ab6

SHA256
96de0d798472b1d9f20cb752b5eb0ea2e3e81e2352d62141fc539dc634886406

SHA512
7955339e2d5378e4c7970f09ebda3e58a0693ad5b3ab4dc87302c5705271ad75c81a9eebebac86afac8904bb32465fb2190c43ab37455ed1fcb253be8f24655e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
906887962ab1fd095dfb59c3b093337d

SHA1
b7a748ae941dcf50cf6742932c7e949c0c9c01bc

SHA256
e11ffeb03168a685f7f6174da805caafbf6912a7e84104d3a4840f14cb2cad27

SHA512
970ae76fa10a277eecdd2e178e77cf3e662169bad4b6dc2a6f8c20c5c47373826a1fa3d472b3efed9f283dc15130831890af1b59e23ecb41adab679af8bccb9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a128973ca2ca245299ef7e60156b4ef8

SHA1
d39a437204591bbff98d673e6d1c4f869683ebcc

SHA256
5c6e1f3c7213460c24dc670521adbe32ec76df5e3facc0a7b92a3fa9e340b302

SHA512
bbbdbe2fae61c2a27b4aadfbda2efae2675156dcea6edb8b45fbe83f397f8a1f50d694d8bcd1f53939a277722baf102f3f80caffadfcf0ca80d7408d77d8c490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c44f27fc22379db7a2d8b5b758acf348

SHA1
faf1bb3e94551f28fee58747e7ea8dfe370d9e81

SHA256
14b77509d28a2307f90d76048cf9908a6da1ec9b18972df3fe5ff4b35a5ba190

SHA512
6d45f606d35cfacee7915a956f4f218d71fea67f47c0d2c4da47473d924896d0477ffd4cf4fd45c754472a268a5ee5bbc27a8947870bfac6679469729b8d56fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c23acd0a85203e4876316083f3d2a837

SHA1
f60cb4fed279c69512eeefe4f0e78151006e2204

SHA256
9be0be188c463e9fc781bc35b30b2ad8e4f8d3551fe1be7c17824b1ba8186fce

SHA512
ddec1366fd2d8fdffdd49c5ffe3fa6b70e67bf499b434e1d81d1ff701e035f49aa5b22061aa76c64ff83cedd6d07f8e3066a845601b405dd19a617f2c9caf786

Download Submit