Analysis

- max time kernel: 146s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20230915-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18/10/2023, 20:00
- Static task: static1
- URLScan task: urlscan1

Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        | ioc                                                                    | Process
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | msedge.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process
  4664 | msedge.exe
  4664 | msedge.exe
  4636 | msedge.exe
  4636 | msedge.exe
  2184 | identity_helper.exe
  2184 | identity_helper.exe
  1488 | msedge.exe
  1488 | msedge.exe
  1488 | msedge.exe
  1488 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid  | Process
  4636 | msedge.exe  (all 8 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process
  4636 | msedge.exe  (all 25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  4636 | msedge.exe  (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries are writes by PID 4636 (msedge.exe) into PIDs 4628, 2112, 4664 and 4576; the distinct rows are:
  description                       | pid  | Process    | procid_target
  PID 4636 wrote to memory of 4628  | 4636 | msedge.exe | 73
  PID 4636 wrote to memory of 2112  | 4636 | msedge.exe | 82
  PID 4636 wrote to memory of 4664  | 4636 | msedge.exe | 83
  PID 4636 wrote to memory of 4576  | 4636 | msedge.exe | 84
Processes

(child processes are indented under their parent)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login-authenticaor.com/?frbewtjv
  PID: 4636
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa52d246f8,0x7ffa52d24708,0x7ffa52d24718
    PID: 4628

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
    PID: 2112

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    PID: 4664
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    PID: 4576

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    PID: 1188

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    PID: 4488

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
    PID: 1768

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
    PID: 4808

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
    PID: 5056

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
    PID: 2184
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
    PID: 4644

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
    PID: 1716

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
    PID: 4368

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
    PID: 1804

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15312497372548791438,14967548991124168561,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
    PID: 1488
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3968

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4968
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 4d25fc6e43a16159ebfd161f28e16ef7
  SHA1: 49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4
  SHA256: cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5
  SHA512: ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: 87dc426ffacf51d0e6f2798dd053a51d
  SHA1: b3d26f0a41b9ca5132d46d99b56170977e8dafcc
  SHA256: 82f1c065e93617397e993b2316aa02c020b1ee594819ebad9acf8cbc8814294f
  SHA512: 9b2b683517b27c370954d6a7f4dd86c53a9de03a1445c4071bd428b9db6e62ceee6d8ed19daba7168aae987ac465cbd89f3e6bfc440a21af48ea420a60fc0d02

- Filesize: 791B
  MD5: 9e46fcc98ece671985ca7c2265aef96c
  SHA1: fe235fd51e63935b6a0f99aeae2b39097108c570
  SHA256: 8a3b258231d29cdd1c3699a46b2a8b21468e88a98a7f3b55a7110cf24798e4b2
  SHA512: 0420452506ea7958ea8572d3892535005e36cc5aa3e39cdba9a53f8bf1046bddbe947c9d117caf8174fbf6fbe8dfe44778c17dd5cc6ac3ba22eeb06d71344a63

- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

- Filesize: 5KB
  MD5: 493555ec053b8a41cd19511d082285ec
  SHA1: 65db0cf9ec7836ff03016c07a10301025b4af8a1
  SHA256: a9aa2ea8c5330f92c3722d7a4e3fce1c10573b52e345f01fffa9d6ec44d1f827
  SHA512: 7b9a99945339385df2a3bcb1c7094af9bd6279384731298a49d99faa093001da6813b667631873556b33bf81726e850c4072cf728fea922ebeda6f4f0f8b0f09

- Filesize: 5KB
  MD5: 3886ed0961a7dd4d278482ea309c51c6
  SHA1: 5037f2f4ef020f5694a42a6b1b540526a6b2899d
  SHA256: 743cc9e554743471545db2e786a91b8210409b60db6e31032b081501d5760032
  SHA512: 38f569fa82681dce22fd843792e9bd450337e917eafb0a737c643b70e9deef4b6ab30cfafa97577f60807f1aa5f7a7120e012e97827043830367b1505af4a66c

- Filesize: 5KB
  MD5: cd4ef7c63c1c4995d92ee7a58cb33b3a
  SHA1: f4b98a007e8fead597ee8048738246d5d2349f57
  SHA256: 6f698eb97f37ca7cd4f0a5fb47d87114d355abeb0a2b729ac15a95df39fd1e6a
  SHA512: 101e8b7d466ffceafeabfe993c1f3dbeb5edd799b5a7cecc1b088cb7f0a4df49cf4b49685e0755aecdc6784ecb1e7ac8a1516238b12c6d040c9d4f4dae54c708

- Filesize: 24KB
  MD5: d555d038867542dfb2fb0575a0d3174e
  SHA1: 1a5868d6df0b5de26cf3fc7310b628ce0a3726f0
  SHA256: 044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e
  SHA512: d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: 9105223658174812ace148147efa8a62
  SHA1: 9c41e0e70373c8d5316e18a536a134bb8fdad890
  SHA256: 07844979a4079082cd65bc42115c3189f0ba8f68a95813cfe3003e4445380000
  SHA512: bc53db36519b722fce459f49cf32f90a0ffc37597e00c7a58c859ea36429c72af542f03db2d5446e8c6b38ff838b0b01d33bc3769ba8335bcda928c3f52f3800

- Filesize: 11KB
  MD5: 70c4b9bc6f10d6a72c5629f71c14d23a
  SHA1: 6e62ef27be8d13018a82479f337b79b8959c25ec
  SHA256: 533d6f950a058b0e3bf49ae4de335eff916f863e58303780d686f49d667aa151
  SHA512: 97858d21ee352a8bc4cd79a73effd7555285033b3deb34d9c34eb7be9726fb937d0e9e51ea00cc57dfa1167ab95d08c2b3015553200c1aaeb6e35dc306778b7c