hxxps://tinyurl[.]com/parcel-dpdd

Analysis

max time kernel
49s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/parcel-dpdd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
4136	msedge.exe
4136	msedge.exe
2912	identity_helper.exe
2912	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 2108	4136	msedge.exe	86
PID 4136 wrote to memory of 2108	4136	msedge.exe	86
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 2816	4136	msedge.exe	88
PID 4136 wrote to memory of 4444	4136	msedge.exe	89
PID 4136 wrote to memory of 4444	4136	msedge.exe	89
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90
PID 4136 wrote to memory of 1500	4136	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tinyurl.com/parcel-dpdd
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffe55d646f8,0x7ffe55d64708,0x7ffe55d64718
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,817203426599590047,3364683358922558272,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,817203426599590047,3364683358922558272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,817203426599590047,3364683358922558272,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,817203426599590047,3364683358922558272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,817203426599590047,3364683358922558272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,817203426599590047,3364683358922558272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,817203426599590047,3364683358922558272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,817203426599590047,3364683358922558272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,817203426599590047,3364683358922558272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,817203426599590047,3364683358922558272,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,817203426599590047,3364683358922558272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,817203426599590047,3364683358922558272,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,817203426599590047,3364683358922558272,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  PID:4028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3bb42b14405df90b05ee2225e751c709

SHA1
8b2d82eaf30e94c542faaee94262b49df7477ab5

SHA256
fd97a9575a4e161905c8e6f48cdc77b40fc44f4c923a9f2a57c8a4125ab29641

SHA512
0a1256e81562e723b7ff1aea9e6195741bb127f74f10d86edf7e2f16383106dd95705d2a0bb01399a0e23cb8076de6a1ade5793742a8f911acc88e700eac77a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9255de254f2390ac2d5daa76925c684

SHA1
7dea442c4c647dda2b3a2277615d31024f480447

SHA256
8831681f7be96ce3478332d62d22c606435bba2405eafb7f3be383c161c0d538

SHA512
6bde0901b144f9f2afe7867874d2ab536fd457599a3c069c04abce068a1b90ef9f84c2c681500e3784dceeb30eeee5dd2e4f2e4c216379fb18d45756769e0f44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7b9e486c41457a4f2271014adeb05e8e

SHA1
a124e6b47de99052a1a20f0e772ebe6927b4d7c7

SHA256
fcbb8509f07d4d18bf5db17bc1bc20d8c265ee876547ca2b7dae6b69d2166933

SHA512
071e3532b7634379f1ace57cbe5d7fd0dbdef79f27b8c0db283006d4288e1d340f8dac10bca7d6f1f5648fc17f85d00cd66610b5687948db6ec36d63e6e40e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c94bf83fa8648184922e3dc795e57031

SHA1
6d136a2f2c68b8c29d32f64bc263ae03aba43ec2

SHA256
eed00f669128accdf6a898d587ddb9e4db4bbc0fac49e74e6789f3ad6bb1a42e

SHA512
b3c5b44f52c23deeddd564bca860eaf36ad25f8860896792eea500795298bc862323e0893a505329ac0942e9b699eaf3a00ef79b73a3a938d6feee0324d70635

Download Submit