hxxps://wise-2024[.]com/URERI838dill/74JDJiild/

Analysis

max time kernel
148s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wise-2024.com/URERI838dill/74JDJiild/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3368	msedge.exe
3368	msedge.exe
5056	identity_helper.exe
5056	identity_helper.exe
5304	msedge.exe
5304	msedge.exe
5304	msedge.exe
5304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 4772	3368	msedge.exe	89
PID 3368 wrote to memory of 4772	3368	msedge.exe	89
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 220	3368	msedge.exe	98
PID 3368 wrote to memory of 3176	3368	msedge.exe	97
PID 3368 wrote to memory of 3176	3368	msedge.exe	97
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90
PID 3368 wrote to memory of 4544	3368	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wise-2024.com/URERI838dill/74JDJiild/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94c6446f8,0x7ff94c644708,0x7ff94c644718
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,11613215720903312706,4127126768549921039,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
77e98e48bf9ee7085ccea0345b70b148

SHA1
b16d4a710fc71621529ef2e9cbc1f3bbd1841228

SHA256
1accd8b5c5d2af567d1f2ca0ada43fe51678a9a1c41afa475f2752d7fe44c3ec

SHA512
7b0afecae3d98911abbf76c8fa56cf49cecd163184646e9d0eb12eef8f86f8d04dd839d61adbfe85ea7e04b3f9ab818b914f706b06f2104bcf6e7b8fc34448dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1023B

MD5
ec1f2b6126490e724360998d7297b449

SHA1
857a77ec53c94919af29f1f4a1a6e82f1a45a0c2

SHA256
e684231d1aa2d2e0b6c914534ed2bcd88d25be897974f2684aebf7e69bbcdc44

SHA512
51338023c1ca89193a6120a2438678c8f0956e6a9e20ac617cf0ecb21841245b961375ca6bf12560c4dbe2bdba8881ee02d8455b43b52aa771ba4c1e8eb61e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa5cefc6457b6273f172e41057353a5e

SHA1
68499bf3e58bd7d287092c71178a3038a8bd5653

SHA256
b723d3c645a2d5062789c206e399fb51d79cd0c0eccd38d853bde63d4039d4c9

SHA512
af691cdf156fe8495bbff171ef1f5325da471048d29185f20687904aac5fac765ddd8edf69e02ea5c241ccca561f0dbcc0ba0b16267e7b581462340e195adbad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
84a9cc1e37ed889de3f12048cc9420a9

SHA1
ad892c63b432a3948096fdfd4706a705205b746a

SHA256
a30f3e2c4eda206d2a9e69520254f6a973798282528b64b5114e9ee1ee4de41c

SHA512
aa2bb0466027fb705f89311ea1944aa1e65751d4b7ff823642fe727080a1bf9f4ef7c28691d026f6ca6baef04bbac475b1f51259e4e5567ae9e224c91ee4a8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
83af66fd94e4d569055c07a5ff7b544d

SHA1
6ac01e8ff0a99cc4408e92eb799a85da7079678b

SHA256
5b74652bc28e54ea9f0568050afffb8017de5031014e677535a611213bd3ee05

SHA512
976e26406eac52b3cc827e58cc140570919a7b54c57e2c1021a0620f490673a31a563ce2d8f348923eb44d81b7630d07a73a98bdf8757b0ddadd5db2e00892db

Download Submit