hxxp://latindictionary[.]wikidot[.]com/search[:]site/html/2128ebb4588a73ef6eac84f0f330ca13c59a9eec-836761755241636984

General

Target

http://latindictionary.wikidot.com/search:site/html/2128ebb4588a73ef6eac84f0f330ca13c59a9eec-836761755241636984

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

2152 msedge.exe
2152 msedge.exe
5016 msedge.exe
5016 msedge.exe
4584 identity_helper.exe
4584 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

5016 msedge.exe
5016 msedge.exe
5016 msedge.exe
5016 msedge.exe
5016 msedge.exe
5016 msedge.exe

pid	process
2152	msedge.exe
2152	msedge.exe
5016	msedge.exe
5016	msedge.exe
4584	identity_helper.exe
4584	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5016 wrote to memory of 2708	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 2708	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 1560	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 2152	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 2152	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe
PID 5016 wrote to memory of 3780	5016	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://latindictionary.wikidot.com/search:site/html/2128ebb4588a73ef6eac84f0f330ca13c59a9eec-836761755241636984
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3c6546f8,0x7ffd3c654708,0x7ffd3c654718
2⤵
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,15517881322792158801,5239993762831165775,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
2⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,15517881322792158801,5239993762831165775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,15517881322792158801,5239993762831165775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
2⤵
PID:3780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15517881322792158801,5239993762831165775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15517881322792158801,5239993762831165775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15517881322792158801,5239993762831165775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
2⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15517881322792158801,5239993762831165775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
2⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,15517881322792158801,5239993762831165775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8
2⤵
PID:1228

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,15517881322792158801,5239993762831165775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15517881322792158801,5239993762831165775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
2⤵
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15517881322792158801,5239993762831165775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
2⤵
PID:1540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2228

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
048656f46cbeec431fc9211b492b0210

SHA1
472e28d665f77507f42fd6d4373d69efe4817fb6

SHA256
b70bedb089a51bc48a6d94fdc9a44db7310d8ab1d5f17c0592e438a42efff050

SHA512
ab8a2e36fb6fa2afb017f26c1e15249f4d76ae7fef0a5c6142d50b11072242d2fc74bec1ee0c7973a4ec3b3109c3e26a7b48b778343208644dcf806b74572c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
fd94178d39b88b88888297c7a4b73927

SHA1
c0f0980f30ea3d90958c19c87d89003f9fe9081f

SHA256
8380a0d7e7caa3b93d6b9b34a0604cc9c7b13ef531d450fba63b168c5753a9af

SHA512
56abf0e51ded4c52c55a3ba55898a6668a0d87d28cc009afdab1973b584fe26f0c5576dbf4fae4bc59d62e192a7d70bdd17a4e6ef0ead50239c3ab5766b157ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
069471aa3880ef470870002b5e4e63b7

SHA1
15f7087d7a92e46fbf4e6cfe55e66dee58797c2c

SHA256
a38d7a03e4f4d64b3d7e86c177dbd118652adcff3cd0f419d9687907dd145f63

SHA512
0ca3577649590d80bb7d38fdf5313a06fcd62448254ede4a4878e28be1137aeb5bbdbc7b91bb74feddf15de3eefc83ddf86c07ee7d612e4ef99f43a173fb01ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
b2cf4d0049ace39b74eef79a55294004

SHA1
d7c3ca52a379d2e60352e30270360f961bbb2ec0

SHA256
f09ecec25a5a6280529f91f243579b90dff160b1432b685455031fd1dc4c4f6f

SHA512
75dbba4e152552da37f9f7b5b8655c7034c070db3bdbc3c4ec20bc5e509c420df86f6f5ef0126ca21b3eb73fee1ca93d1b555896a51a95e806655de491dcbc16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d879872093448f48c6fee060799c4a5a

SHA1
5756921156351886df3ba0536191a746b05de501

SHA256
5edbadd45b814d360985323c132dbb0cec718dc970cec6f4998849bef03cfc4f

SHA512
365dab85fb9998373db677f5901f747929ade5a4b95336049592d54ad6f3af2d6a1e5ca98907daa6ada72062af4a26e7a574b788db722f6feb2d1f2d3f55073f

Download Submit
\??\pipe\LOCAL\crashpad_5016_IFVPGOPYASGUZMYC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads