Analysis
max time kernel: 18s
max time network: 22s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-02-2024 21:11
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.thingiverse.com/thing:6462288/files
Resource: win10v2004-20231215-en
General
Target: https://www.thingiverse.com/thing:6462288/files
Malware Config: (empty, nothing extracted)

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                   process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Note: SystemManufacturer and SystemProductName are the BIOS values that VM-aware malware reads to fingerprint a sandbox, but the reader here is the Edge browser process itself, which reads the same keys for its own hardware and crash telemetry. On a browser launch this signature carries no weight by itself.

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid    process
3736   msedge.exe
3736   msedge.exe
4692   msedge.exe
4692   msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
pid    process
4692   msedge.exe   (4 entries)
Note: this is the browser applying the "Microsoft-signed binaries only" image-load mitigation to the child processes it creates, a Chromium sandbox hardening setting rather than an evasion technique.

Suspicious use of FindShellTrayWindow (26 IoCs)
pid    process
4692   msedge.exe   (26 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid    process
4692   msedge.exe   (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
All 64 entries are PID 4692 (msedge.exe, the browser process) writing into processes it had just created; the repeated rows are grouped by target below.
description                          pid    process      procid_target
PID 4692 wrote to memory of 4444     4692   msedge.exe   83
PID 4692 wrote to memory of 2020     4692   msedge.exe   84
PID 4692 wrote to memory of 3736     4692   msedge.exe   85
PID 4692 wrote to memory of 3932     4692   msedge.exe   86
Note: the targets are the crashpad handler (4444), GPU process (2020), network service (3736) and storage service (3932) children listed under Processes. A Chromium-based browser writes into its freshly created child processes to set them up before they start running, so parent-to-own-child writes between two instances of the same image are the expected shape for a browser launch. The entry that would deserve a second look is a write into a process the browser did not create, or into a different image; none appears here.
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.thingiverse.com/thing:6462288/files
  PID: 4692
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb30e546f8,0x7ffb30e54708,0x7ffb30e54718
      PID: 4444 (parent 4692)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,7892972155114911907,8770816938675697008,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
      PID: 2020 (parent 4692)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,7892972155114911907,8770816938675697008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      PID: 3736 (parent 4692)
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,7892972155114911907,8770816938675697008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
      PID: 3932 (parent 4692)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7892972155114911907,8770816938675697008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      PID: 1092 (parent 4692)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7892972155114911907,8770816938675697008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
      PID: 4264 (parent 4692)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7892972155114911907,8770816938675697008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
      PID: 1204 (parent 4692)

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,7892972155114911907,8770816938675697008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
      PID: 1376 (parent 4692)

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2224

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1684
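The WriteProcessMemory signature and the process tree above can be folded into one triage check: a write is unremarkable when the writer is the parent of the target, both run the same image and the target was started with a Chromium "--type=" switch, and it needs a look when any of that fails. The script below is an added example, not part of the sandbox report and not Triage's own code. The PIDs, images and switches are copied from this report (command lines shortened); the IoC text is in the report's flattened layout, and the single write into PID 2224 is constructed to exercise the "review" path.

```python
"""Triage helper for a sandbox "Suspicious use of WriteProcessMemory" hit.

Added example, not part of the sandbox report. It parses the report's
flattened IoC text ("PID 4692 wrote to memory of 4444 4692 msedge.exe 83 ...")
together with the process tree and sorts each write into:
  expected : writer is the parent of the target, both run the same image, and
             the target was started with a Chromium "--type=" switch (the way
             a Chromium-based browser bootstraps its child processes)
  review   : anything else (target is not a child, or runs a different image)
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One IoC row: "PID <src> wrote to memory of <dst> <src> <image> <procid_target>"
WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<image>\S+) (?P<target_id>\d+)"
)


@dataclass(frozen=True)
class Proc:
    pid: int
    parent: Optional[int]  # None for a root of the process tree
    image: str             # executable file name
    cmdline: str           # shortened here; the report carries the full line


# Process tree taken from the report (command lines cut down to the relevant switch).
PROCS = {p.pid: p for p in [
    Proc(4692, None, "msedge.exe", "msedge.exe --single-argument https://www.thingiverse.com/thing:6462288/files"),
    Proc(4444, 4692, "msedge.exe", "msedge.exe --type=crashpad-handler"),
    Proc(2020, 4692, "msedge.exe", "msedge.exe --type=gpu-process"),
    Proc(3736, 4692, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService"),
    Proc(3932, 4692, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService"),
    Proc(1092, 4692, "msedge.exe", "msedge.exe --type=renderer"),
    Proc(2224, None, "CompPkgSrv.exe", "CompPkgSrv.exe -Embedding"),
]}

# IoC text in the report's flattened layout. The first six rows are from the
# report; the write into 2224 is CONSTRUCTED to show the "review" bucket.
SAMPLE_IOC = (
    "PID 4692 wrote to memory of 4444 4692 msedge.exe 83 "
    "PID 4692 wrote to memory of 4444 4692 msedge.exe 83 "
    "PID 4692 wrote to memory of 2020 4692 msedge.exe 84 "
    "PID 4692 wrote to memory of 2020 4692 msedge.exe 84 "
    "PID 4692 wrote to memory of 3736 4692 msedge.exe 85 "
    "PID 4692 wrote to memory of 3932 4692 msedge.exe 86 "
    "PID 4692 wrote to memory of 2224 4692 msedge.exe 87"  # constructed row
)


def parse_wpm(ioc_text: str) -> Counter:
    """Collapse the repeated rows into (writer pid, target pid, writer image) -> count."""
    return Counter(
        (int(m["src"]), int(m["dst"]), m["image"]) for m in WPM_RE.finditer(ioc_text)
    )


def is_chromium_child_bootstrap(src: int, image: str, target: Optional[Proc]) -> bool:
    """True when the write looks like a browser setting up a child it just created."""
    return (
        target is not None
        and target.parent == src
        and target.image == image
        and "--type=" in target.cmdline
    )


def classify(writes: Counter, procs: dict) -> dict:
    """Split writes into 'expected' and 'review' rows of (src, dst, dst_image, count)."""
    buckets = {"expected": [], "review": []}
    for (src, dst, image), n in sorted(writes.items()):
        target = procs.get(dst)
        key = "expected" if is_chromium_child_bootstrap(src, image, target) else "review"
        buckets[key].append((src, dst, target.image if target else None, n))
    return buckets


def triage_report() -> dict:
    """Run the classification over the embedded sample."""
    return classify(parse_wpm(SAMPLE_IOC), PROCS)


if __name__ == "__main__":
    for bucket, rows in triage_report().items():
        print(bucket)
        for src, dst, dst_image, n in rows:
            print(f"  {src} -> {dst} ({dst_image}) x{n}")
```

On the report's own rows every write lands in "expected"; only the constructed write into CompPkgSrv.exe (a separate tree root, different image, no "--type=") ends up in "review". The same split works on EDR telemetry where the parent PID and image of the target are known, which is the usual way to keep browser launches out of a WriteProcessMemory detection without suppressing cross-process writes into unrelated targets.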
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 011193d03a2492ca44f9a78bdfb8caa5
SHA1: 71c9ead344657b55b635898851385b5de45c7604
SHA256: d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0
SHA512: 239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 744B
MD5: 5d75eb500385a880a982c2299f354316
SHA1: 6581e4d31344250e73efa15a809e5c982e0a30a7
SHA256: 592b38f26bf10efec4e73e3a93ec5db3da3e98c83f6fab2b4f2d87a346b7ebb5
SHA512: 263819753595ad00e0cb4f3824709e86c808d9247af320fb9ae7c7ce3c48583ae762e7b018339a9660b5b26f4c85e4c79cfdee21c5e636a0c176618d0445e29d

Filesize: 5KB
MD5: ee6c0a793804a3b5760d7416a6920387
SHA1: bfa4dcf682d5aa804b56318fbd2dc4c0b41293cf
SHA256: ed0fafcf79b83c2fd886e3eb836d4aae5128458f94d88d5d747c2b7a624fe3e9
SHA512: 3ac5c7c266d50d9d09b28271ba2552751c4fd4b2f57a2b2847941a5d55c474a245132c0ab0ff7b3f27735dc371971d4d5fd38b8a467e7d1979dae9d6a4d26c6f

Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 5KB
MD5: ac644f2213bcc541dadb2c9c59f2499a
SHA1: 5cf8b5b9023556eead8e16289a1b062d8b5d10f4
SHA256: a2fcb93d0e879705fa90318f38dd985f62bffe98d0dff071df91d8e2ecbfc0e8
SHA512: 5af7d855da70300230c682e2c9047272999a7f0f4bbc973ed03ae133c2cc164f11a0e04028b631ca39c4dd37d5a023e41fb5c37c8634103276f226cb345aba01

Filesize: 9KB
MD5: 4cf377a946c013ad858d8082436386d1
SHA1: 4aaf88c08dada7f3b7b6c6ca24127c55a9f757af
SHA256: c8208b247317e673001d89124b65b75431b7aa36922e0424f33cdbc8a488a780
SHA512: 5e1ad8fd3e2ca37745fa28ccf56980478906ce56d309d7868c800ca4482256ccf500a6e08663cdf7dea9dc5d9bb0599e847cbf87824b4ce28ee7a25fb4c2134f

Filesize: 9KB
MD5: f11ff57c077dc4b8bc75e504e0e12ba3
SHA1: 4bdf6b5c20c6ae52acb19f0e420c4e6e6e23ef2f
SHA256: 8b0ea70fc4209317e7ab82ccff4b4806531905aed32a4e94e8baaf091d40b420
SHA512: ae09df94a87cfaa0c140cfec7a39b246501d24e0e2c9f7902e46722a4c725adea415163a529e200e8c73dab29a8d2a2ce932b0d0a46f610c2543bc12e1119cca

Filesize: 24KB
MD5: f5b764fa779a5880b1fbe26496fe2448
SHA1: aa46339e9208e7218fb66b15e62324eb1c0722e8
SHA256: 97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d
SHA512: 5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Filesize: 10KB
MD5: 79a0502c85f7cffedca8145d97e4c34d
SHA1: c1bfd80564adabd53793953e475891f160451dd3
SHA256: 17768297fa39b7d7006788cc5f3549ece28c291320fba57ad6e718f58191e08a
SHA512: 0cae83bd1224737f57ff4ff5e9e1bf5bf633fcb024bbae0760aa3d97c4f208e2aef9932151266c2afb908657ee4f60e7cf96e8006e0102f456b7fc08825ce5e5

Filesize: 10KB
MD5: 677641a23bb924e47c179b40ab1f9ef1
SHA1: f7e5347a82322c6a467f71f11be0dbd65a496b56
SHA256: 1c11cfb1723318d4248210c89c2e15692c38c2c496934777fc273425eb93f0ce
SHA512: 52eb890422d4c6aef5ae39ea09ce7860c64848123c2247b7cf00cb74df859f547869fd91b4ea18ec85459f8add637b3cdf416e593740293b96b33be979c0f605