hxxps://tdsintegrations24[.]online/8h63np7t

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 08:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tdsintegrations24.online/8h63np7t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
1972	msedge.exe
1972	msedge.exe
1368	identity_helper.exe
1368	identity_helper.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 4740	1972	msedge.exe	14
PID 1972 wrote to memory of 4740	1972	msedge.exe	14
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 3956	1972	msedge.exe	33
PID 1972 wrote to memory of 1872	1972	msedge.exe	30
PID 1972 wrote to memory of 1872	1972	msedge.exe	30
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31
PID 1972 wrote to memory of 1676	1972	msedge.exe	31

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc068d46f8,0x7ffc068d4708,0x7ffc068d4718
1⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tdsintegrations24.online/8h63np7t
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13319972064602861578,4680530717548754815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

C:\Windows\System32\Upfc.exe
C:\Windows\System32\Upfc.exe /launchtype periodic /cv MneQwGPJKUW/0jDDPgG6FQ.0
1⤵
PID:3760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d25fc6e43a16159ebfd161f28e16ef7

SHA1
49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4

SHA256
cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5

SHA512
ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
294f4b7037c3af68817d9756233bbbab

SHA1
77c9d13e170e04a4cd1d2b2ce8e512fdd4a3994c

SHA256
0101392e93340282d047416cb4487a5d4c96bda1c2495d02b1259e1e9d10b6dc

SHA512
dee16ea9e52a960b892038d21fafbf739e6c2f12d32a62a5ce14f14ca8384beada2fd4fc7467e8c81b5425e76e6a2bd19ed3ef53d8b3ae9eb4b91135e9cd25d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
742B

MD5
49dd107bd5aeced613c06c788eb1b230

SHA1
2aad3a206b332e952d94b7044a535a55d050e816

SHA256
8d62b6cf30a4143cb6a89819b272952fef7a4c5172064878ad81357888ddae22

SHA512
f9478adb870104176e3f082f351eb6032b966666c2b309807d5a72a98419ab71ae72e3e9649230e2f7dbf1bf7ecfb11e2a90882c4762564706474a0e4b09df0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a7fb070d6048af9d903b78a871e41d1d

SHA1
2a300c3477f20bd05e5aceb8840aa188e83bcf41

SHA256
f6974ccbaf4be74dcdaa1c0febfd30df5c5c528ec3433e176ee931b374d821c9

SHA512
9b7243883831b3f4b51c79325ee363770773f7849b9c7cd3b950633a6d0a990de142f639d79eae0f99bb650b297bfeea681562c2f6a6c88a3e34924f376c2e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
79d31d86da4dc688b23402fc216a4c19

SHA1
96433d586e1074f4f655f998699c13d88b47ae94

SHA256
987efdc9f97765f5c6864e621fd079dc95b345e26e627be7642085efc32d33ae

SHA512
3671aa2af800a7b9ee58cb32c12a59d920efcb359ae0536ad623a750a753f023f489e2203d0bceb0f9e56a4e561d6e0412544d2fa91e040bdf59efd08ccfa5eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d555d038867542dfb2fb0575a0d3174e

SHA1
1a5868d6df0b5de26cf3fc7310b628ce0a3726f0

SHA256
044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e

SHA512
d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d85c573e96d6b41b04d12acd666f9e2

SHA1
fc196fe78a2cee70707660b01ff037e9249c80b9

SHA256
e47a70e1fd25cf1923c4913afbf797557cc9d0b8d69edf774e2e7123e92685ea

SHA512
807ed2732ae6e79c590b6ba5b81a88dc2c3d35c79ce2816e7427c68d71173666b0c5d4cf8f708d83bd8bd091edb1ade3b4f6a6ee437714c19079411beecf6b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a45a9d061b7c1e0549927a328fc7902b

SHA1
a97acfeca3e0ed83ffbdca8ebfa2c88033faf8ce

SHA256
a3b98afa735170114be42c8a4bb438bcce2bc737deac14a19a9e7a2447cd96bb

SHA512
778e4af322a563cea33abfe9b57fc687fd8c137645d9f454d878aaa6047295f4ff37eaa1dabe40e8568bf1826e8003ae1732e6d1d28594494698a2dfa803de1c

Download Submit