hxxps://www[.]myboatplanst[.]shop/34154-1274-3758-753640412/reportemailfraud/tindex[.]html

Analysis

max time kernel
146s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
24-01-2024 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.myboatplanst.shop/34154-1274-3758-753640412/reportemailfraud/tindex.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1752	msedge.exe
1752	msedge.exe
2220	msedge.exe
2220	msedge.exe
1424	identity_helper.exe
1424	identity_helper.exe
3220	msedge.exe
3220	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2152	2220	msedge.exe	78
PID 2220 wrote to memory of 2152	2220	msedge.exe	78
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 4056	2220	msedge.exe	79
PID 2220 wrote to memory of 1752	2220	msedge.exe	80
PID 2220 wrote to memory of 1752	2220	msedge.exe	80
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81
PID 2220 wrote to memory of 3672	2220	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.myboatplanst.shop/34154-1274-3758-753640412/reportemailfraud/tindex.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcbfca3cb8,0x7ffcbfca3cc8,0x7ffcbfca3cd8
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,7883675661104940426,5939305636130039866,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,7883675661104940426,5939305636130039866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,7883675661104940426,5939305636130039866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7883675661104940426,5939305636130039866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7883675661104940426,5939305636130039866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,7883675661104940426,5939305636130039866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7883675661104940426,5939305636130039866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7883675661104940426,5939305636130039866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,7883675661104940426,5939305636130039866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7883675661104940426,5939305636130039866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,7883675661104940426,5939305636130039866,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,7883675661104940426,5939305636130039866,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
92e040d7c1eeb7646714b53e4a95eb91

SHA1
4eaae5706d13b5f0ca9f2e4c994cfca63890dd7d

SHA256
5342d5a6f08451e0f1c54f8e3658dd91eeba2be804f3582ddf8d6a4e2d0c6468

SHA512
e5b4c0ee79b7536679bf2e54f865f91b4957d4f66e498a026b88a6c14a13163f897f54baa9da747c1523eaf20d29cca960b8949a08a7b0ab9b0bbe92478a34f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
143d85eb7093b5f12671dfb2c21a7e1b

SHA1
10c5d81c583d6487d92e7f60317fb884f03114eb

SHA256
cd42f1bfabe2f92ee7b4b763b0a3911a1efae4255572e061e111d9ee106686a6

SHA512
003f77f3697ca36649685dfa2dc7c6900fc57eed55d09cecc93d4b351c7af2b0ef7ba2605b8c590349cc50dfcf63348cf5c37ff2e22c925db9393c372cf67b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
676B

MD5
0898895b79484572facdca65c6f09f7f

SHA1
148c91b07ba83b8b78b3e189eebd67ec911e1671

SHA256
fbd82f2278a94237513edc38ccd2cec753cb9da9c92d19d65e8ee8f081624105

SHA512
59efdb368b0224191c1e9489f7b8a217710fd98c70b3e1629611d8133ced9a2257a66d1e081d6414fd14c2e2005d79b403070daed69e503ec08e88071ff11e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
1c286a66201f6e707f91ea9ff0b8209f

SHA1
4718d454f029a632499146310a4823e27146cdf5

SHA256
6f92198fe859a6961f99a3ab8ed7ecb4110402ec03a85101f491fe715903a165

SHA512
e356f72a682ee472138a97ba6734bcca5162d0eb0af5ca073df798620559b386d86a6363ddeb4ffdb2e1409fc669239ab587801c681f80addc5d540bb065f275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1e59702a6c45f58ab44b262f5bfe880f

SHA1
825e6bbde9f96987a083114b39d08f96fbe1bba1

SHA256
7fc9791048f10f5091888b26dfc0f9347f69bf0a39c840fd3974341d36568dc7

SHA512
353b4b12ca51013b6ae82e1a3f3122b3579fa08aa8f1ad5d87961393bcf80b99475f8fd624de81903bf38eeb178529b57ed5ddb30eebdf173da8778b32a056fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
58e2b179dbb10d049fe23616966bfb2a

SHA1
b4f722b7e798fb6347837b51b05a4314a8219d84

SHA256
cb934e662ce5441a1fec40f63ddb8b828d7cf0f4a532712907064b377d2777c4

SHA512
ef3fbdd259151b0695369fae632106d190d2b9ac20b9854c5d2c23359ffde9469ea1736e7079264fd739ef3a214ac6ac8dbb9ab6c49184e5b5ebf9b8341c0c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0c22eb7630f8dcd9bdba41d5e374e1d0

SHA1
53f38d9988ab5ab2db416370e88c940a32e839ac

SHA256
4a6c95d9da422c1f66a145a4e1aeb9f29ae70b30d451e1b54934a11c7e9fdcc9

SHA512
a8988b503d153a684271a43f0f2316516cd38df7d321db05bc12bc42455a9eab1b0ea334e618baef158d46e6798c95e43c4a06a048ffee133d4de398b7b6ed2e

Download Submit