hxxps://tinyurl[.]com/mytargets1?msclkid=5cc65428bb7811d2e109311750d4cc8a

Analysis

max time kernel
33s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2023, 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/mytargets1?msclkid=5cc65428bb7811d2e109311750d4cc8a

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3008	msedge.exe
3008	msedge.exe
5328	identity_helper.exe
5328	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 4516	3008	msedge.exe	77
PID 3008 wrote to memory of 4516	3008	msedge.exe	77
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 4488	3008	msedge.exe	89
PID 3008 wrote to memory of 3144	3008	msedge.exe	90
PID 3008 wrote to memory of 3144	3008	msedge.exe	90
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91
PID 3008 wrote to memory of 4136	3008	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tinyurl.com/mytargets1?msclkid=5cc65428bb7811d2e109311750d4cc8a
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff8f31d46f8,0x7ff8f31d4708,0x7ff8f31d4718
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6552 /prefetch:8
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4291301513680924854,12954145773135792105,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:5824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3bf5ecfcb9be463ea683baf5a45e045e

SHA1
0d26cd76c776787892f63068f321d66495d2e9e3

SHA256
ca980bf408152e8827ddf556964ab903ecd16443a803b280d5ebae835e6bf2c5

SHA512
5fae42388c54e144bfbc30584a119baf251dd8d62e6ba19dfd6c2a71aff48284b2751c1967d12f07548ecc03d8dd3d96b610eb7be2b51be45c11cb0b94b4efb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d92c40729201ae6e7475366363584ed1

SHA1
ea72d82dd5a1a44b5f6634b45ae7a457d51ad483

SHA256
feb8476adf8583972367cf6a2540e5dddcd868a7008ffceb656e111099c72421

SHA512
cd63bf8a25d459df9a1870d172301973860497dfb1948e37dc7c6926ae6f95a04009789574da33da3f7616eedf5c081af5b2def0f8e44f307c98a59552a2f5a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
847eeae67f8840c737c36f877c4815af

SHA1
061eaef6f2b474db9b55c5f1912cf64248c6841b

SHA256
e7d8c540e2c0cab6aae6e98a6d94aefe71de9ea9b19a63527751c169ebbb6146

SHA512
4db5f2b5bad185802a0f5b04abb413295b819d91c75969e4f685db9e50f232ca0e8fc35f9f3dd88c30a2b680bade9a243f79dcac82efba1a0471bf9bbdf1dc9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
32a543dce1b56316dea618bff3a4d142

SHA1
25fe7968e9d725af862ca942d4b54eed8aefaad3

SHA256
dec920049172335e56b7f17a1724c7360b0e24259a25ec0b377b83d24d85a6a6

SHA512
c1a49e534d6e76ae654b737ebfdf4bc17acefd26472cc3cead89ecf03d0c2c46d368cec6ecc19c4727246a956e16497330ab92dcfdf257d40291255aa3f1ae50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5854d2.TMP

Filesize
1KB

MD5
b7f8bfad2cd08773c23d94eda3c5fa4f

SHA1
967334bf6a8e691beb641388eb82d0a56843a82a

SHA256
1d5b0200e021d000179148a132a1dc0434ae0c103e5a1c087e0837212f1d3814

SHA512
7f7ddc85eba88160fb3f6c87019566cca914bdeb2029bd6964dc95a315ba9b27194fb09a11b95f74bb783e4a8d04aee82970c51f9e6005a5690fb8b19c8cccb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6cbc12ec34cf948d20a6e28861894727

SHA1
493df18a865f3c79ec886663fdf65a30096f3cb9

SHA256
9a8249c384b4edf3ae834c48a4ac52fe3aaf362c2d715b1e625a88b38f6b307f

SHA512
0eb1f891ffb6a2d7ef0509f2730ca62b694204cbd3cef7b1c87fd5a8d38b7457638cb40980e5a0cefefd25f0c4a52214d80a4c5e463ddc5bc98cdffdf35a65c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
80d98fc5e6c1b6b7131179e9404e8239

SHA1
5a3ba1911a9e609d271f76f8907978dbe7676366

SHA256
f3c21caed5a1b5841cf2c78caee2d12ffa6cd009008edf9fd54fdd4f240d24e1

SHA512
9f9819910f93fb0e50cc24f2208b6e3698149de18a18b87704112cfc3c9e4e6a80cd78494452df4612a2a0df9a2e87369082804ee99ecd7b8cb45efa1ec37569

Download Submit