Analysis
max time kernel: 5s
max time network: 16s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64 arch:x86 image:win10v2004-20230915-en locale:en-us os:windows10-2004-x64 system
submitted: 12/10/2023, 13:35
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://falcon.us-2.crowdstrike.com/intelligence-v2/sandbox/report/a12190407254406991cebf3f5dfda2e0_c7807c619dd543479d92a5f7e4382c0b/dynamic-analysis
Resource: win10v2004-20230915-en
General
Target: https://falcon.us-2.crowdstrike.com/intelligence-v2/sandbox/report/a12190407254406991cebf3f5dfda2e0_c7807c619dd543479d92a5f7e4382c0b/dynamic-analysis
Malware Config
Signatures
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs
PID 3364 msedge.exe
Suspicious use of FindShellTrayWindow 17 IoCs
Suspicious use of SendNotifyMessage 16 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://falcon.us-2.crowdstrike.com/intelligence-v2/sandbox/report/a12190407254406991cebf3f5dfda2e0_c7807c619dd543479d92a5f7e4382c0b/dynamic-analysis
  PID: 3364
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd73d46f8,0x7ffdd73d4708,0x7ffdd73d4718
    PID: 3172
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,14895385762874445417,14638364046978423539,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
    PID: 4824
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,14895385762874445417,14638364046978423539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    PID: 3744
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,14895385762874445417,14638364046978423539,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
    PID: 212
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14895385762874445417,14638364046978423539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    PID: 3900
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14895385762874445417,14638364046978423539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    PID: 3864
C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2044
C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1836
Network
MITRE ATT&CK Matrix
Downloads