Analysis
max time kernel: 165s
max time network: 163s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/11/2023, 08:34
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://portalcomercializadornedgia.atlassian.net/servicedesk/customer/portal/3/NEDGIA-253166
Resource: win10v2004-20231023-en

General
Target: https://portalcomercializadornedgia.atlassian.net/servicedesk/customer/portal/3/NEDGIA-253166

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
3828 | msedge.exe (2 entries)
4316 | msedge.exe (2 entries)
1012 | identity_helper.exe (2 entries)
4360 | msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
4316 | msedge.exe (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
4316 | msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
4316 | msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4316 wrote to memory of 2968 | 4316 | msedge.exe | 82
PID 4316 wrote to memory of 680 | 4316 | msedge.exe | 88
PID 4316 wrote to memory of 3828 | 4316 | msedge.exe | 87
PID 4316 wrote to memory of 4208 | 4316 | msedge.exe | 89
(The report lists 64 rows in total; each of the four distinct rows above is repeated, the rows for targets 680 and 4208 many times.)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://portalcomercializadornedgia.atlassian.net/servicedesk/customer/portal/3/NEDGIA-253166
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 4316

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe325846f8,0x7ffe32584708,0x7ffe32584718
    PID: 2968

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,3147784826962198324,1872020899018030427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 3828

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3147784826962198324,1872020899018030427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    PID: 680

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,3147784826962198324,1872020899018030427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
    PID: 4208

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3147784826962198324,1872020899018030427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    PID: 4060

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3147784826962198324,1872020899018030427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    PID: 2384

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3147784826962198324,1872020899018030427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
    PID: 448

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3147784826962198324,1872020899018030427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
    PID: 5028

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3147784826962198324,1872020899018030427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
    PID: 948

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3147784826962198324,1872020899018030427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
    PID: 3468

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3147784826962198324,1872020899018030427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
    PID: 1128

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3147784826962198324,1872020899018030427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 1012

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3147784826962198324,1872020899018030427,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5088 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 4360

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1940

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4520
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 8f30b8232b170bdbc7d9c741c82c4a73
SHA1: 9abfca17624e13728bd7fa6547e7e26e0695d411
SHA256: 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb
SHA512: 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 432B
MD5: e99bd1e085f56b9dc43bbf8711a6e01f
SHA1: 4df00ac889e1a4ffd0f2a44f00ee8f11ccca0f69
SHA256: 435f0d8726a54279a75a2dc8a159179d77f8d47cacef76228cf90d46eb7c506b
SHA512: 86d7e48dbc9338777df357b0338cb50bc713cfc80528801dcae64e82db63eb242bf49a6417b21302fed306470c9b97f28fe0bbb37177afc73631c43481778f8c

Filesize: 764B
MD5: 7e71963cfa94841ebce2745894a404cb
SHA1: 5cbfa07651130bec36e8ec5f1540c00052b7d63d
SHA256: 59387d4d03644c6fd222b1d28015e6f6ad2c905313c1f9cd32325ce3b598ab1b
SHA512: f858efd11ea87057bfea3d421e36f984638ca5299f3aeee4ebce1e20c2400b2f8e614e6807f93a200413aa2da0be9d9eda566f77ec2db84b399e56b2dfb8c394

Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 5KB
MD5: 2e7a835c5c48dbe081d68c7da3333fbe
SHA1: 503c01f50dbd4f6719b1c6b47e9dca6ba65b030a
SHA256: eb69e6aceb5b1590c593573c10a5e8b6f281615fa9816f2c41425a0972874506
SHA512: 31f843a9f074ceeaa29d3e63dcea7ec5bb94dcc97f29682c36bcaf44873680a00ec76deca327908c90ff4df342d5abe2e2913cde663214462fc87db542cc56b2

Filesize: 5KB
MD5: 08cb6d19cd3f483c77f51cbe6cee5a60
SHA1: 4d13d175d78688f16da3935aff361204373328f1
SHA256: 1ee74f3e2585e25aaa839c0a47f8a533be04607f5d7223cfa63ebc667986e118
SHA512: 15115ec80bdf610e19a8112810ef653b3064a833e4fabb5f4ac468f9a3bd10ab71b86939b61e439cc9090c7c6727a73e91625b61dc5dca8eb1cf7e8f131dfad8

Filesize: 5KB
MD5: b133b2577c9d708c2e8027e26bd29c48
SHA1: 6dc9d183aead5d8fdd63873d9cb442509209fe9b
SHA256: e3b5f390bec1f3de3a02a29c30cf93eaf00f56524cd19e178fd02cea9bcf357d
SHA512: 8d66a45253c868f48ac10673fba12fd4333575a990ba9d79a1740c095eb182878422b7df8244eec196c0307b6b1f9a73ecda68e6f0727768110eddaa10b24bda

Filesize: 5KB
MD5: 143a309d18a7b23a9365dabc844a703a
SHA1: 526eed284c02d58a5da80cbd9bd87d39af6bb99c
SHA256: e9afd98f113216018be535ca198878aeff14b383a2cff1b93d712cc2df4bba9e
SHA512: db9cff3f94a83563835d69023a87a23cfbdeb5c4652f6d0af0333fe717a5656a4ae8ba75a21c7a051bcd93dcfc86210832c3dd5c34a173f3c61239f7e53285a1

Filesize: 24KB
MD5: 0b8abe9b2d273da395ec7c5c0f376f32
SHA1: d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec
SHA256: 3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99
SHA512: 3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404

Filesize: 873B
MD5: 11a0f76ee5d3d696f888f051db14393b
SHA1: bed7fdeb206caf046f42276ae81baf1059a30312
SHA256: 8e88b3afd6382fe12691253d340a71b930e4329271a39a881b197a8dd7a83f77
SHA512: f813a0023fa0868d509881c6b9821a717231641334e60e3724a6491151fb13a9e99d2f0ab5262691de0a613a728bf448f0d2a8d280d4d06129208bba4d0c22b3

Filesize: 873B
MD5: 4113aa763c1c1ff26c3e8b15b68bbb50
SHA1: 26f2e687611257fce1b790955db4f6101c3a58a6
SHA256: b7af0f9ae15f71e7c773d9b3998db92333e62a10bfb042a1b9ac312c57c73ba3
SHA512: 68ef9a9ccb5fffc67095f8f23c836a21b669176495571ad2ce36164859e977bfc806d5a8cc08fa66ab1e5dd21e50f77c55ad6b0993cd2c417a2babd648aebebb

Filesize: 203B
MD5: 9dc9f5b1c82715a86086cd5a600e949d
SHA1: d8586dcc325601d9fc1279d8c69bcfb5e6e7a6d3
SHA256: a1c0cdd9ffaf2f4e6d2e0ef4618adeebd07694ca8c03a5374d0bff071d1d6070
SHA512: ec2e38e43acda2a49c2645d9a3fcedac7899e54e07c495ae91a6edeb18f601148c7230fb6a9a49a88b5db7b505f3ab57925c018b69ed931ace6493502ab89588

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: afa9814a67d47bf455a26e3efb2c86ca
SHA1: ba6de944a4724ac93e0303c638a6642362fee6ac
SHA256: 4391faef8e1864e62251475bcd6cc91b4e44ea155d27c66a721de547b118472c
SHA512: d040d0180b71e6230bec1b56a3279fd15f1d22929cd6a6a07251dc3254e606a7f8b7fed3a716f7f5adc3a5ad2208a180fa6d4768efeedcd590d013d53d3c9cfb

Filesize: 10KB
MD5: 11c430a4a26135f8a95059c89f142f68
SHA1: e97bd164231cb0777c0cf1f31797943b55a4ca46
SHA256: e8641bbf7e746132fcb4d28facf66407c7d96e9f0d388d2ef613fe902a5e16b3
SHA512: a07a054c9ff1565d144e4a41e4cfdc9400fcccd580785bda7cc04c8b6e9b269da80f30156f6816c33b2773d81382eec9d17df679403027e018839744117a06c4