hxxps://data[.]em[.]officedepot[.]com/ee/v1/click?params=v1[.]KBKhfh5A49y1Menpmq5N7DHt3AhiAtmPhQe-1R7ghBT-ERYk0xbQIis-kGV5mxzmXfrqgr3POSJYQJzu_spJn9MIC_Ifi9NCqXQqRDSwRr1zAX3ix1wqPr1ynaLiEBR_1BJNuOPx21xDZIGiaBIoecGatcofk7fNXxVnyV4heIYS4Bbbp699rddyvUxZnQ1o_Vjq4aRZO-LqwJ-TmmpZSmOEfOrST8k7m6L-gzWX2uuf9KQP7tElkXFeoNvKPblzExwW0caGL12G__65Vx7B47RJN3m8AZ1Mf4MixgKqttJsB2Kkx0h_gdCEWvrioC6kHaHGW6ku8NVFCWsVRb58gm6XB-19YhxRnf_EYFehhz_9xlBV1sp2_CsREkIgMj6pI-6ariZ63-KCn6gyXgCiD2Zt_qljPC3WJaGEwhylqt-ULg9yJSRI7RnXKAEr5TztnBP38F-F8JEduKZvUGlLrnu3ajjvirUgHocwd4xPU9Odu6dgShMMbp_S5zFS26G3Nky-CM07-8J9TyU9dXbxsoFhNnpY114CukC2X7E5j-mrKrFgf25Qd-h4Q22Sp8J4TizaAmGeyCqPWIYsn7GqSybMIiRqTtsogjrhZhKgGWtabMGNTZOd-EjGI_GSwwLzkqGXyUKhprEyykYVi1v494csQF5UpWjRjDxhr1VjsjSOyKRemWwDOiJX_p822vcIIQDtjfT1e5j0aPwwhnuP0RwABYN1WDELNpBdXP2Tg9mJGMHfKErTgj2sskUdEzslpZ-lyL6A9PJ9eSLNbQhlCG6HTYhpeL2R-agr4l04RUrKQXITRo9xd0Ir-1pq6cGO69UNkwWAyRMHqyLI8xmXYun5hTrVNOe9Lu7yLgUcDAxBoitL0MJguWvyZ5RTL-xfearU5bTdZZNiU3z3VISqyO-X5KARJC02XVUmsYqq8petaf4LU6dWnYpe6o63fTzmAkdlrVcNzC-4RGLO2unNfb1QfhCzWCxHF29vk79OG110_ejosReRiKURXxdb9ETMiBydxpmG08VD_da364X1bOPNMj86UJa9zq0nPmBJ5DHJJgm8qhO-8mWDJlduZVJRIAdvbNUhD98K80ZvEIHvzFhi3XQiCXhaj7DP3rhl5M1uJbrzkqfg_Gr3U0fC9WBnOWsxP62HxUt2bJk4jtGDt42qrX5FCd2kJ-4lCjkA9lU7eFNEx0s5PWMOBmT52E0PVnEqezO_Z7qzKHCzb844R2pmRATFYSfE1RKVczNt2BxZ4y8897GigBQCF5k8McfcWjxiKF94LL_L8Xn0CX5EVD2RAMUamX1KOEAl61a8-TrTEZ565AUIcPrOzdGlL-jlPPAICGKTlSekw7zBMvSguAGeBLbqCIzfB87IlQi95wegVppLulmmpBN34rTb7pedeivSKiuItBJDjggKdU7glSHfzf3Dft4W3lEZORWLWWNF0y3QSA5moOUAnBrQLD8VMlRuZ7Kng_d0yuaYZn8RZcYZcQo3gKhIVx8f0iJuRN-Rlq4iSK953TdWTQJqifNLY1yAOiBQkBna__0iYgsvav_Flo3nwBIyaIqi591urFqGLd6U7zOcUPZOMmJMIo8&;pid=v1[.]4we1hROesQ1nEu-pBZ7sMalU-gaKV4gwYWZ00UDKzltgWJsumdXaAVY6zowWB6KLMNiDQMFGx1RRQbc9xjkZfxug4D33lnHs1WOK8zmX0MO5iSuCzpoF03gbfP_bm_oG8C_GL2uTc_bh8ZPhIEv-GSdOezU&tuid=658ef403363b36591f3230f8&configId=abc22d2b-bf0c-4ab0-af34-6fc73378a2c8

Analysis

max time kernel
139s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 09:34

Sharing

Behavioral task

behavioral1

Sample

https://data.em.officedepot.com/ee/v1/click?params=v1.KBKhfh5A49y1Menpmq5N7DHt3AhiAtmPhQe-1R7ghBT-ERYk0xbQIis-kGV5mxzmXfrqgr3POSJYQJzu_spJn9MIC_Ifi9NCqXQqRDSwRr1zAX3ix1wqPr1ynaLiEBR_1BJNuOPx21xDZIGiaBIoecGatcofk7fNXxVnyV4heIYS4Bbbp699rddyvUxZnQ1o_Vjq4aRZO-LqwJ-TmmpZSmOEfOrST8k7m6L-gzWX2uuf9KQP7tElkXFeoNvKPblzExwW0caGL12G__65Vx7B47RJN3m8AZ1Mf4MixgKqttJsB2Kkx0h_gdCEWvrioC6kHaHGW6ku8NVFCWsVRb58gm6XB-19YhxRnf_EYFehhz_9xlBV1sp2_CsREkIgMj6pI-6ariZ63-KCn6gyXgCiD2Zt_qljPC3WJaGEwhylqt-ULg9yJSRI7RnXKAEr5TztnBP38F-F8JEduKZvUGlLrnu3ajjvirUgHocwd4xPU9Odu6dgShMMbp_S5zFS26G3Nky-CM07-8J9TyU9dXbxsoFhNnpY114CukC2X7E5j-mrKrFgf25Qd-h4Q22Sp8J4TizaAmGeyCqPWIYsn7GqSybMIiRqTtsogjrhZhKgGWtabMGNTZOd-EjGI_GSwwLzkqGXyUKhprEyykYVi1v494csQF5UpWjRjDxhr1VjsjSOyKRemWwDOiJX_p822vcIIQDtjfT1e5j0aPwwhnuP0RwABYN1WDELNpBdXP2Tg9mJGMHfKErTgj2sskUdEzslpZ-lyL6A9PJ9eSLNbQhlCG6HTYhpeL2R-agr4l04RUrKQXITRo9xd0Ir-1pq6cGO69UNkwWAyRMHqyLI8xmXYun5hTrVNOe9Lu7yLgUcDAxBoitL0MJguWvyZ5RTL-xfearU5bTdZZNiU3z3VISqyO-X5KARJC02XVUmsYqq8petaf4LU6dWnYpe6o63fTzmAkdlrVcNzC-4RGLO2unNfb1QfhCzWCxHF29vk79OG110_ejosReRiKURXxdb9ETMiBydxpmG08VD_da364X1bOPNMj86UJa9zq0nPmBJ5DHJJgm8qhO-8mWDJlduZVJRIAdvbNUhD98K80ZvEIHvzFhi3XQiCXhaj7DP3rhl5M1uJbrzkqfg_Gr3U0fC9WBnOWsxP62HxUt2bJk4jtGDt42qrX5FCd2kJ-4lCjkA9lU7eFNEx0s5PWMOBmT52E0PVnEqezO_Z7qzKHCzb844R2pmRATFYSfE1RKVczNt2BxZ4y8897GigBQCF5k8McfcWjxiKF94LL_L8Xn0CX5EVD2RAMUamX1KOEAl61a8-TrTEZ565AUIcPrOzdGlL-jlPPAICGKTlSekw7zBMvSguAGeBLbqCIzfB87IlQi95wegVppLulmmpBN34rTb7pedeivSKiuItBJDjggKdU7glSHfzf3Dft4W3lEZORWLWWNF0y3QSA5moOUAnBrQLD8VMlRuZ7Kng_d0yuaYZn8RZcYZcQo3gKhIVx8f0iJuRN-Rlq4iSK953TdWTQJqifNLY1yAOiBQkBna__0iYgsvav_Flo3nwBIyaIqi591urFqGLd6U7zOcUPZOMmJMIo8&;pid=v1.4we1hROesQ1nEu-pBZ7sMalU-gaKV4gwYWZ00UDKzltgWJsumdXaAVY6zowWB6KLMNiDQMFGx1RRQbc9xjkZfxug4D33lnHs1WOK8zmX0MO5iSuCzpoF03gbfP_bm_oG8C_GL2uTc_bh8ZPhIEv-GSdOezU&tuid=658ef403363b36591f3230f8&configId=abc22d2b-bf0c-4ab0-af34-6fc73378a2c8

Resource

win7-20231129-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Resource

win10v2004-20231215-en

windows10-2004-x64

6 signatures

150 seconds

Report Analysis Logs

General

Target

https://data.em.officedepot.com/ee/v1/click?params=v1.KBKhfh5A49y1Menpmq5N7DHt3AhiAtmPhQe-1R7ghBT-ERYk0xbQIis-kGV5mxzmXfrqgr3POSJYQJzu_spJn9MIC_Ifi9NCqXQqRDSwRr1zAX3ix1wqPr1ynaLiEBR_1BJNuOPx21xDZIGiaBIoecGatcofk7fNXxVnyV4heIYS4Bbbp699rddyvUxZnQ1o_Vjq4aRZO-LqwJ-TmmpZSmOEfOrST8k7m6L-gzWX2uuf9KQP7tElkXFeoNvKPblzExwW0caGL12G__65Vx7B47RJN3m8AZ1Mf4MixgKqttJsB2Kkx0h_gdCEWvrioC6kHaHGW6ku8NVFCWsVRb58gm6XB-19YhxRnf_EYFehhz_9xlBV1sp2_CsREkIgMj6pI-6ariZ63-KCn6gyXgCiD2Zt_qljPC3WJaGEwhylqt-ULg9yJSRI7RnXKAEr5TztnBP38F-F8JEduKZvUGlLrnu3ajjvirUgHocwd4xPU9Odu6dgShMMbp_S5zFS26G3Nky-CM07-8J9TyU9dXbxsoFhNnpY114CukC2X7E5j-mrKrFgf25Qd-h4Q22Sp8J4TizaAmGeyCqPWIYsn7GqSybMIiRqTtsogjrhZhKgGWtabMGNTZOd-EjGI_GSwwLzkqGXyUKhprEyykYVi1v494csQF5UpWjRjDxhr1VjsjSOyKRemWwDOiJX_p822vcIIQDtjfT1e5j0aPwwhnuP0RwABYN1WDELNpBdXP2Tg9mJGMHfKErTgj2sskUdEzslpZ-lyL6A9PJ9eSLNbQhlCG6HTYhpeL2R-agr4l04RUrKQXITRo9xd0Ir-1pq6cGO69UNkwWAyRMHqyLI8xmXYun5hTrVNOe9Lu7yLgUcDAxBoitL0MJguWvyZ5RTL-xfearU5bTdZZNiU3z3VISqyO-X5KARJC02XVUmsYqq8petaf4LU6dWnYpe6o63fTzmAkdlrVcNzC-4RGLO2unNfb1QfhCzWCxHF29vk79OG110_ejosReRiKURXxdb9ETMiBydxpmG08VD_da364X1bOPNMj86UJa9zq0nPmBJ5DHJJgm8qhO-8mWDJlduZVJRIAdvbNUhD98K80ZvEIHvzFhi3XQiCXhaj7DP3rhl5M1uJbrzkqfg_Gr3U0fC9WBnOWsxP62HxUt2bJk4jtGDt42qrX5FCd2kJ-4lCjkA9lU7eFNEx0s5PWMOBmT52E0PVnEqezO_Z7qzKHCzb844R2pmRATFYSfE1RKVczNt2BxZ4y8897GigBQCF5k8McfcWjxiKF94LL_L8Xn0CX5EVD2RAMUamX1KOEAl61a8-TrTEZ565AUIcPrOzdGlL-jlPPAICGKTlSekw7zBMvSguAGeBLbqCIzfB87IlQi95wegVppLulmmpBN34rTb7pedeivSKiuItBJDjggKdU7glSHfzf3Dft4W3lEZORWLWWNF0y3QSA5moOUAnBrQLD8VMlRuZ7Kng_d0yuaYZn8RZcYZcQo3gKhIVx8f0iJuRN-Rlq4iSK953TdWTQJqifNLY1yAOiBQkBna__0iYgsvav_Flo3nwBIyaIqi591urFqGLd6U7zOcUPZOMmJMIo8&;pid=v1.4we1hROesQ1nEu-pBZ7sMalU-gaKV4gwYWZ00UDKzltgWJsumdXaAVY6zowWB6KLMNiDQMFGx1RRQbc9xjkZfxug4D33lnHs1WOK8zmX0MO5iSuCzpoF03gbfP_bm_oG8C_GL2uTc_bh8ZPhIEv-GSdOezU&tuid=658ef403363b36591f3230f8&configId=abc22d2b-bf0c-4ab0-af34-6fc73378a2c8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
3104	msedge.exe
3104	msedge.exe
1232	identity_helper.exe
1232	identity_helper.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe
3104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 2576	3104	msedge.exe	89
PID 3104 wrote to memory of 2576	3104	msedge.exe	89
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4320	3104	msedge.exe	91
PID 3104 wrote to memory of 4716	3104	msedge.exe	92
PID 3104 wrote to memory of 4716	3104	msedge.exe	92
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93
PID 3104 wrote to memory of 2492	3104	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://data.em.officedepot.com/ee/v1/click?params=v1.KBKhfh5A49y1Menpmq5N7DHt3AhiAtmPhQe-1R7ghBT-ERYk0xbQIis-kGV5mxzmXfrqgr3POSJYQJzu_spJn9MIC_Ifi9NCqXQqRDSwRr1zAX3ix1wqPr1ynaLiEBR_1BJNuOPx21xDZIGiaBIoecGatcofk7fNXxVnyV4heIYS4Bbbp699rddyvUxZnQ1o_Vjq4aRZO-LqwJ-TmmpZSmOEfOrST8k7m6L-gzWX2uuf9KQP7tElkXFeoNvKPblzExwW0caGL12G__65Vx7B47RJN3m8AZ1Mf4MixgKqttJsB2Kkx0h_gdCEWvrioC6kHaHGW6ku8NVFCWsVRb58gm6XB-19YhxRnf_EYFehhz_9xlBV1sp2_CsREkIgMj6pI-6ariZ63-KCn6gyXgCiD2Zt_qljPC3WJaGEwhylqt-ULg9yJSRI7RnXKAEr5TztnBP38F-F8JEduKZvUGlLrnu3ajjvirUgHocwd4xPU9Odu6dgShMMbp_S5zFS26G3Nky-CM07-8J9TyU9dXbxsoFhNnpY114CukC2X7E5j-mrKrFgf25Qd-h4Q22Sp8J4TizaAmGeyCqPWIYsn7GqSybMIiRqTtsogjrhZhKgGWtabMGNTZOd-EjGI_GSwwLzkqGXyUKhprEyykYVi1v494csQF5UpWjRjDxhr1VjsjSOyKRemWwDOiJX_p822vcIIQDtjfT1e5j0aPwwhnuP0RwABYN1WDELNpBdXP2Tg9mJGMHfKErTgj2sskUdEzslpZ-lyL6A9PJ9eSLNbQhlCG6HTYhpeL2R-agr4l04RUrKQXITRo9xd0Ir-1pq6cGO69UNkwWAyRMHqyLI8xmXYun5hTrVNOe9Lu7yLgUcDAxBoitL0MJguWvyZ5RTL-xfearU5bTdZZNiU3z3VISqyO-X5KARJC02XVUmsYqq8petaf4LU6dWnYpe6o63fTzmAkdlrVcNzC-4RGLO2unNfb1QfhCzWCxHF29vk79OG110_ejosReRiKURXxdb9ETMiBydxpmG08VD_da364X1bOPNMj86UJa9zq0nPmBJ5DHJJgm8qhO-8mWDJlduZVJRIAdvbNUhD98K80ZvEIHvzFhi3XQiCXhaj7DP3rhl5M1uJbrzkqfg_Gr3U0fC9WBnOWsxP62HxUt2bJk4jtGDt42qrX5FCd2kJ-4lCjkA9lU7eFNEx0s5PWMOBmT52E0PVnEqezO_Z7qzKHCzb844R2pmRATFYSfE1RKVczNt2BxZ4y8897GigBQCF5k8McfcWjxiKF94LL_L8Xn0CX5EVD2RAMUamX1KOEAl61a8-TrTEZ565AUIcPrOzdGlL-jlPPAICGKTlSekw7zBMvSguAGeBLbqCIzfB87IlQi95wegVppLulmmpBN34rTb7pedeivSKiuItBJDjggKdU7glSHfzf3Dft4W3lEZORWLWWNF0y3QSA5moOUAnBrQLD8VMlRuZ7Kng_d0yuaYZn8RZcYZcQo3gKhIVx8f0iJuRN-Rlq4iSK953TdWTQJqifNLY1yAOiBQkBna__0iYgsvav_Flo3nwBIyaIqi591urFqGLd6U7zOcUPZOMmJMIo8&;pid=v1.4we1hROesQ1nEu-pBZ7sMalU-gaKV4gwYWZ00UDKzltgWJsumdXaAVY6zowWB6KLMNiDQMFGx1RRQbc9xjkZfxug4D33lnHs1WOK8zmX0MO5iSuCzpoF03gbfP_bm_oG8C_GL2uTc_bh8ZPhIEv-GSdOezU&tuid=658ef403363b36591f3230f8&configId=abc22d2b-bf0c-4ab0-af34-6fc73378a2c8
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c6af46f8,0x7ff9c6af4708,0x7ff9c6af4718
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9754792499528998666,798327881541796650,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9754792499528998666,798327881541796650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,9754792499528998666,798327881541796650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9754792499528998666,798327881541796650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9754792499528998666,798327881541796650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9754792499528998666,798327881541796650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9754792499528998666,798327881541796650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9754792499528998666,798327881541796650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9754792499528998666,798327881541796650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9754792499528998666,798327881541796650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9754792499528998666,798327881541796650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9754792499528998666,798327881541796650,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
347B

MD5
b40bef708a94d5f1ab1600de399f5f3f

SHA1
5be8309a2ee259c46a148419db2ebf69d80c8228

SHA256
12a0475ea964b978acc0e0faa36f16897e6ef752bfff67471719e8705c1af47e

SHA512
f5d1da88816636ee2adb153d2d868512190a5e587d9b5c6d1db255dc191214434bbfec3cba62bc0186ed19186191f80b03e08dcfa927aa0dd624129e69764615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8f61d3f945666edd9ae19a5d3203cc6b

SHA1
afea62a44654b15886d5abdd1cedb366b2dddad5

SHA256
14d54bb18141d136fa4d65e4251f8696f25aa1b16d0e9bae595b595eb4ad19c4

SHA512
cf81f919ef6eff5996a85011241f86a04cb8f275832c926849a0297287176c29e9fb9be2755f63f667949d703fa2b5293270907490b274086b314492ac0986cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d3da20cf9601c000bd8da1ce9aa76a0c

SHA1
c8e45420333366f7c72c24a9858ae67c82c7ca53

SHA256
68ea622558a2859c69e7d9cbcd998c836907af1ebad01116cb1e039af65bfdea

SHA512
bc9a9eacaf0cb8de05e984e2682952a1d7d6d6a0da5cdfb6ff2bcd0abb134b06fd39a0422389e882e412403e9e54bce756644b04de293255ccc9b22d88c13251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bc9d05bcca150285a5d48cf9def629cc

SHA1
545f0384986711faf9bf4856ca1d4b9ce009e801

SHA256
e74fe6282b36a1fdf5ce6c598c69870f074bf56201b0f6bacafc2f3cfb68fc28

SHA512
2a7e3bb1ebd6f69ba3ef8f85c381b6226c6d292440f95004217247429a89e754c3f7b4a41fc9d850cf4740c31ebcae840d7b710a3d7ae15773e539b3ca31aba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
95f5fae4b98629229194d5a20181fba9

SHA1
840d35ed4ae61f60a77a423e7c51ec094f4ff15e

SHA256
17fc371358185c8bdce33175da78485f3d1d633182f928bf323829eb02e7e0a6

SHA512
07eddd568d3afc5338249738e334b44ed903138e658020ca7354bfc70182515cd9b8d227af26cb5b05a0af270ae96052e59d3c2141ce34b108cc954fc4580713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5888f2.TMP

Filesize
203B

MD5
14b1d769e7ebee21bdcdf6452495344c

SHA1
1b973ff442e667fb49b049ff72a8333ff15b7770

SHA256
8fe0e716bee0bfbee79456be116672d88f8037a2994bb38e18fc4eb5e4c9cd7d

SHA512
b114bc4ab0faf6433a36ffe07ae8273731c0a84a2b4ac3c95e7aff4f1bb707557073f878875c2ea0ba15f639b07aaff5901cceda0c4873472aa2abf40dceb52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a99a704e6e063f920b1b12a7cf1a7c38

SHA1
6d5b3eb4d087ad6474d8e089d29ffeeaa25c690a

SHA256
c78c095dfa696795be712b69f5ce53bef74678859cea35521b0d2426a511246b

SHA512
950065f494f1ac3890db911999e8a4433aeaf0da9c2b21388d68252e13bd5d4d62f21c5adbc632842374abef029e44b77b2062d84b4873c7d54a46d59e2a42a1

Download Submit