hxxp://mp[.]weixin[.]qq[.]com/s?__biz=MzA5Njc5ODE4Mg==&mid=503140252&idx=1&sn=4c5249a9024aa5cb6c8b780df4647474&chksm=08a37b153fd4f20338a80b4ca9c3c2f175e9501f3066409a430948c60f28f68839ee90a27c17#rd

Analysis

max time kernel
0s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 11:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mp.weixin.qq.com/s?__biz=MzA5Njc5ODE4Mg==&mid=503140252&idx=1&sn=4c5249a9024aa5cb6c8b780df4647474&chksm=08a37b153fd4f20338a80b4ca9c3c2f175e9501f3066409a430948c60f28f68839ee90a27c17#rd

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 1508	3304	msedge.exe	14
PID 3304 wrote to memory of 1508	3304	msedge.exe	14
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 3928	3304	msedge.exe	28
PID 3304 wrote to memory of 2392	3304	msedge.exe	26
PID 3304 wrote to memory of 2392	3304	msedge.exe	26

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc272946f8,0x7ffc27294708,0x7ffc27294718
1⤵
PID:1508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mp.weixin.qq.com/s?__biz=MzA5Njc5ODE4Mg==&mid=503140252&idx=1&sn=4c5249a9024aa5cb6c8b780df4647474&chksm=08a37b153fd4f20338a80b4ca9c3c2f175e9501f3066409a430948c60f28f68839ee90a27c17#rd
1⤵
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,11493731011430555693,1447418111327979903,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11493731011430555693,1447418111327979903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11493731011430555693,1447418111327979903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,11493731011430555693,1447418111327979903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11493731011430555693,1447418111327979903,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11493731011430555693,1447418111327979903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11493731011430555693,1447418111327979903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11493731011430555693,1447418111327979903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11493731011430555693,1447418111327979903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11493731011430555693,1447418111327979903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11493731011430555693,1447418111327979903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11493731011430555693,1447418111327979903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11493731011430555693,1447418111327979903,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5364 /prefetch:2
  2⤵
  PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5339fef22e45ba3000bfd101e9f53966

SHA1
3af3e4beac6de28c08a9ec45a05b8a37cc6bb002

SHA256
ddc20b219313b8f7fee3f2959107ea0fb85112998676937c7ee90f6d81978af7

SHA512
2d13cf3e4f1f8ebc7789c7429f0e3cd1f1326c14a1d3cae6e9d52564823c173d3447da32c768530e257f3eb81380357e966cfd0f8669874baeea31412febe726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
256911f6ce4884b37b792500c9fdce2f

SHA1
fe620072e9a24ddc387c4f5131ba66cb9f8f5290

SHA256
d8a0f7c2e57be64a2ccfa2715b3b1365f4abd5ab04ea9484a196cb92d4a30ffc

SHA512
e59b774f0cab4155a45882cbebbc0627e2ce86c9b20c7a8e1f57b9da42c13f150d7ceaf97b4624ddc5dc62ebba3e77dff689f497e1cf4e419919e4cdcd9572e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
1KB

MD5
7533c8792e22c677e0f4979b29549614

SHA1
f56480bfd0ad20fc53dcd3651567866f5c2d8d90

SHA256
f37bff15e34ee780ed7ef528b594eb7c22770eabe48923c9978203300addb5ae

SHA512
6e9eec53c848d1c87697de176bb319d9304b1b7a169053a9b32a8bb43ff441f2f2327df22cf2226c2e3f35a6a50af7e5eee447846b49293d36f19fb244184ec6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads