hxxp://www[.]industryrealestatepartners[.]com/

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 17:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.industryrealestatepartners.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4752	msedge.exe
4752	msedge.exe
4104	msedge.exe
4104	msedge.exe
3120	identity_helper.exe
3120	identity_helper.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 4080	4104	msedge.exe	27
PID 4104 wrote to memory of 4080	4104	msedge.exe	27
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 216	4104	msedge.exe	86
PID 4104 wrote to memory of 4752	4104	msedge.exe	87
PID 4104 wrote to memory of 4752	4104	msedge.exe	87
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88
PID 4104 wrote to memory of 2544	4104	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.industryrealestatepartners.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff81ccc46f8,0x7ff81ccc4708,0x7ff81ccc4718
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6368685972423144787,2547104909816999837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6368685972423144787,2547104909816999837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6368685972423144787,2547104909816999837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6368685972423144787,2547104909816999837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6368685972423144787,2547104909816999837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6368685972423144787,2547104909816999837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6368685972423144787,2547104909816999837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6368685972423144787,2547104909816999837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6368685972423144787,2547104909816999837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6368685972423144787,2547104909816999837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6368685972423144787,2547104909816999837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6368685972423144787,2547104909816999837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6368685972423144787,2547104909816999837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4316 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3300b8028991d6e234684db7803b66f9

SHA1
96df26150566233e1e0201bf17b4ea896861862e

SHA256
5b7786b5ae4ba62b88bdbd0992a8fd96b37e4c7068e2fd23d0b33acf769d00cc

SHA512
2f2dff4c24d4fd60160f70d544059bf02eca983309ff46bb7a1cb4d7c413e291c1520842e1922be55a4058380cd041cb6b4d9e70cdc5e4e00880fe13472df031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7f6a4b84d93993fde98d6553834416b

SHA1
4b4a227af10826f5a2f2e9b232ddb0336b3066f1

SHA256
843a9671b3fab9337d8d600e170f9ac8b200a2faf63b5a8cd16f157bcf73c21d

SHA512
ccfe39c47109dbf71c74ff6950526be7fcd521462f80e69e27388a9757d7f1adebf5f723c46b1631ffe3e2b4aa5829655d556bff8bd7e0f9f87fca46545bfb97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
944d4213245415cb754a593d4f99caac

SHA1
4d0564d1eae99e58cc081409b341f3bd493c72d1

SHA256
8cdec3b64581bd7a5335e2d4aa0c04b24ef67a5b830eff7ee78a0e8138f59dec

SHA512
b1adcd9813574ce637373b107a37b82a8a0d5402a899b8db11aa831b917b82a8f411f1e1645c83706f132868b68bba6929e159e4ce5c31a0d061da77445921d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7df819ad9e6ebb6a582f2762c02eee43

SHA1
04cfe18d7d932f3ad75b21d32b4a3b33d6582b08

SHA256
17f9524f3045ce52a8d38f81f4cddfe928ad887db7fb1051b377faf497608d10

SHA512
d698d4b81af8a8706c202d755f8b2d0e394515be70ac5fd2e59b8a77e25e2e954057f218b29a2cc30561ee384ef4e033982e6221a1e6acaaa7b00a8a64edfe39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd386d1fe53885491b6049b8bd5ccec9

SHA1
47d53182a3641f63335c394f8e44846c4658cdf9

SHA256
b39239c34cdaf0beadf7e8caaa225baee2c681c9d1ab95f6de17d357c5e67737

SHA512
05a936259d6b8b7b2a22b517f81cf9227e8ea809d807838b4e47e7af8f648c0695126bd3cb888328ede53a8dbe8263618bd0a514d6271ba0a349ec974711761f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80938b7a6405f308cc94e66cb6a7ff64

SHA1
289d7b59b8bede7e3cd1dc2ab1f7af9a7a4d3cf0

SHA256
70c69353d898ab1fb8ef66d095f6ccfcb19749e4e73c54b4b0c4ac6bff4656c7

SHA512
fd9c486c22f75b9d1815b25fd6f4cf77fce3e9964ffbb62634a98b054f07dc3675dda33fc1e6300c511276398ba14a1ae56bbc6861013c90a487a4d6f8db63ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73cb34a8c36189302701ca6892418b35

SHA1
54b0d83a5bbfb32801bbf5a787587dcde3647394

SHA256
6ee6baa2ca62390d498a2dd95aa62845fadd6f26ce22cea0c1b0a6dcd69ce23c

SHA512
de560261dd5beb0266c697e33ef19e55e189f469b895a32f46b04f2ae3aeaa255811d9d31a8c572b876a40549a940328ff4789f0b7d20a3b9e0d4edeb830f1be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91659f794645041c6d6554c7ed5e46ff

SHA1
d974a21e41cf04e4cd983fa50e652d0240493081

SHA256
dcac567859c682a2ca41eb34b6447984c6fa7e6846133ab0adc5244f587ab098

SHA512
80f710eccc20192999e86e087b4df8b67d1e221971291baf82e403df6d20f68e48eb97940b33008da0873916c15e433b69520e6a3a082bf1961ff7f94deee538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2335cbcb0fff27d9334d9271c08ddb33

SHA1
325f973f01643c28fcead66000c8cfccf2556c5a

SHA256
93896b3f300a17b24cb833063ba132982a977ef17e5517b664d33084e24ddadc

SHA512
0607efaf56b84a7c557b75d0b7eaabb305ab970599f9206992485d7621e18cb3628a4678b5e1f7f56b243f722a03b66c7846ca93e61c2d486ea71328abba05e3

Download Submit