hxxps://mircopet[.]ge/plugin/

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
12-12-2023 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mircopet.ge/plugin/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3780	msedge.exe
3780	msedge.exe
584	msedge.exe
584	msedge.exe
1508	identity_helper.exe
1508	identity_helper.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe
1784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 584 wrote to memory of 3668	584	msedge.exe	80
PID 584 wrote to memory of 3668	584	msedge.exe	80
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 964	584	msedge.exe	88
PID 584 wrote to memory of 3780	584	msedge.exe	87
PID 584 wrote to memory of 3780	584	msedge.exe	87
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89
PID 584 wrote to memory of 4372	584	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mircopet.ge/plugin/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1bec46f8,0x7ffe1bec4708,0x7ffe1bec4718
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,496370218015070468,14459173313675969471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,496370218015070468,14459173313675969471,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,496370218015070468,14459173313675969471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,496370218015070468,14459173313675969471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,496370218015070468,14459173313675969471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,496370218015070468,14459173313675969471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,496370218015070468,14459173313675969471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,496370218015070468,14459173313675969471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,496370218015070468,14459173313675969471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,496370218015070468,14459173313675969471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,496370218015070468,14459173313675969471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,496370218015070468,14459173313675969471,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
890585f0e978711e84e103f4e737e1b8

SHA1
12b9a7b4a1a016c8a0d4458f389135ed23574e27

SHA256
c83ee823a77974192ee702a6b550e28046fe4f60798e471e7b5b75c1f623c092

SHA512
246b774837bfb5c3f158024986fb040419974c7a8c1e6f6875e713760385084b32cfa294a5195598e7968632d1e2e4f553545f6d084cb4e5204a868aabdc0297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
97460726d8ebda681d8aa894057185c1

SHA1
a7e099b61d195b33857a1bda50735ec597e319c2

SHA256
ae5df2baef7db2489cbb2a08baa8df98e04af5f56a0e26d30bd73bf20bc40aa0

SHA512
e6ff05c1dd639477f4af15e2f9678361533328052816702f63468253effc680d1bee6c2cabcf02f99563d45dca16fa0e9295355ff73ce39a0813dff4445bb65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
540B

MD5
3d31c1fabe774e65c7b995ceef16bd3c

SHA1
d6d48a51c0d1359fb65fd94afc0929773b5f375f

SHA256
489ecc7d0e5d8d1deda879cf076686c6d1b2c2e898915fe232b7f36c46b540f6

SHA512
03950c85f220273e86afce5aa6cab02a512de284c629703ee5acdeedc52cebca4978346bc3d22c152171727874fceb65a881cee6a4783af49eefbf052b773f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bbc302137d078fd22ae2c2eaafa78e46

SHA1
151db1ce3fec92a397cc39da38c9a625e4049e4a

SHA256
70b077ac93188a07ed1ec66c61f3dbd48ecd11c523336d71c44aecc7935a8396

SHA512
fe9a785e00cded430775a945bbd5e59b027011ac2033858239cb16c2f2f838c4dd9b0be29decb3c002a7734634ced39105839cdcf725c9fe4bcde396ba5336d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
afb8585a2c45506e99cb0ebdccc72377

SHA1
e9b9b604816bd4a17b2c78447c6fc0d58f2f20e4

SHA256
abc1558bd746adf1f8c7ab8a05b26b6dec03bb817dab0a5d52b0e0cd3cfdc22f

SHA512
be7aa76d4b2da8355042e177c582c5681e0fbaa17492dae79de835943bc8ccf9d9bcb059db87513dacf8d577a1a8801d2ddff238793948794ba0f66661d2e5d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a553ed37741112dae933596a86226276

SHA1
74ab5b15036f657a40a159863fa901421e36d4fa

SHA256
ec16b2f20ead3d276f672ae72533fcc24833c7bcfd08e82abf8c582e1bed5e87

SHA512
25d263aeeda0384b709e1c4ec3f6dba5cfcb8577e026d66846c2045b543f6446439b946163b1ea8f7e53cc6ebf38c93172452bd43e2560b42b56c4d13625e107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
53a0dd0a7622a2f8da765f52629aae15

SHA1
e70a137e4537388b70281ac1f6571256410ce7e8

SHA256
2554aa919facb037120a9c45dd96ad5b9c3a8b714809a6be39f23f632ea163a1

SHA512
a5876ffe5e543db052ffd1dbc669bdf5c0d0120fc82abd7a55fa2060740f12b119a1722e3efb92cab7fa66425e4390911dafbbfe60af4a9d37b1c8403984a740

Download Submit