hxxps://social-unlock[.]com/wFBZP

Analysis

max time kernel
104s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2024 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://social-unlock.com/wFBZP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
4592	msedge.exe
4592	msedge.exe
3752	identity_helper.exe
3752	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 5048	4592	msedge.exe	83
PID 4592 wrote to memory of 5048	4592	msedge.exe	83
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 3312	4592	msedge.exe	87
PID 4592 wrote to memory of 5072	4592	msedge.exe	86
PID 4592 wrote to memory of 5072	4592	msedge.exe	86
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85
PID 4592 wrote to memory of 2084	4592	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://social-unlock.com/wFBZP
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9a7c46f8,0x7ffa9a7c4708,0x7ffa9a7c4718
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3076567992366125289,17962595859812651052,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3076567992366125289,17962595859812651052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3076567992366125289,17962595859812651052,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3076567992366125289,17962595859812651052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3076567992366125289,17962595859812651052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3076567992366125289,17962595859812651052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3076567992366125289,17962595859812651052,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3076567992366125289,17962595859812651052,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3076567992366125289,17962595859812651052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3076567992366125289,17962595859812651052,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3076567992366125289,17962595859812651052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3076567992366125289,17962595859812651052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3076567992366125289,17962595859812651052,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a65ab4f620efd5ba6c5e3cba8713e711

SHA1
f79ff4397a980106300bb447ab9cd764af47db08

SHA256
3964e81a3b4b582e570836837b90a0539e820886a35281b416e428e9bf25fd76

SHA512
90330661b0f38ca44d6bd13a7ea2ab08a4065ec4801695e5e7e0dea154b13ac8d9b2737e36ebe9a314d2501b5ef498d03c5617c87e36986e294c701182db41b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
854f73d7b3f85bf181d2f2002afd17db

SHA1
53e5e04c78d1b81b5e6c400ce226e6be25e0dea8

SHA256
54c176976e1c56f13af90be9b8b678f17f36a943210a30274be6a777cf9a8dc4

SHA512
de14899cfaad4c312804a7fe4dcb3e9221f430088cb8bf5a9b941ac392a0bbad4e6ca974e258e34617bbffff3bf6490fa90d8c6921616f44186e267ddaa02971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\07cd095f-9e18-4175-b953-b818e8acbbc0.tmp

Filesize
6KB

MD5
7c8e7679c2ea4255103187f8c6b847f5

SHA1
1f8dfd4266035f9d20b49a405cfd931c006ca9e4

SHA256
4dea0d400448df20b6c6b0ad37a02e715c945411b2af9eaa76369d05f4725872

SHA512
5ec46df70dbe166a3debcfd4b601679138130d9bad33a2586aee87e3d47035a937870bb5e4c56fd703295346ba6dd4481db9fc00066c2d020c18808527283d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
c54eac54b705eae70806a23888faf2a9

SHA1
ecbe7da6c90b9ba186d2f24b24c073497a88f2b7

SHA256
e4afa91109dad2954c97d95f1ce88ff26961b05010eda4a947dcdf43affd46ae

SHA512
384e402c06951f81be78a8509474374ed634ab81b165a56b2e78bd705d4cca20f7600f1e8497d95b76fc7e529fdc571025909532d31ffba2ec6681550e92e31d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
cae6117bdf98253447cdbc52592fd47c

SHA1
0c0bd54d8bb1b30d107fa7120ec2e2f1e8481c49

SHA256
04e829a39e2e01790adee87602ccd1a451e8e8f2eca7a8a13a86a4aed090a6d6

SHA512
8d1f7f93fe3bb8ef33ddcaff24c6cfc30da8550d944ffe643d80f22b4ce98d18422822e9f8c7b01ec516221c4c36d313cef267caaf9daf36949ab67b2b359aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
87acf999ea9780a3962c1a75ca3511dc

SHA1
8da1613c1d5fda8690552771059ce178fccd1311

SHA256
b3ed1fa04f50b42826d71e811b5de4f63acae9b5e35df746af6c2a6d09c25b9f

SHA512
58b22f087612c9bf6443f77aaf00e3b74a8c9d1f0a953262d976b48a725e0d015449202160c65825ad1ef8868776c1c2d3f4b8a9deb36f8f8f260e4dd1bd91cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4cec1a0a2892328121f2fede078a7ddb

SHA1
bd153ed5bd1e60782366468762361a0779ead573

SHA256
eb9ba011c4e7124073508dae773e379bc940500e6c525c61ae3de0ee34f49d14

SHA512
089e2e2daf4938056c49e9d4fc432482b0697413e91beceb6931bb1c7962a8aea140c925b583daaf0940dfa60b499aeb99553d8123e7028a3e536b1a97df4a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3812a1818e4b59c87866a82f0fa6ecdd

SHA1
9d4746f560858cf4ea3b01858a31fa110d92333b

SHA256
0adaba69c316ed477f0b9ed0233983f30defb55f59c5d9f6b0610c1ce1363c13

SHA512
28c2ced2b21d42fb9e1fd9e2cce38398306bf67432d7cba8035af8c3916ed1a1cb87e656901da7594d0ef824e75d22d8193ac152981722fa082ea94ab76f3e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
51c64276cbfe02ce84eeae576ef0abc8

SHA1
621cfa0050be777d99306c508e949a02fde8a826

SHA256
6a4ab037bfaa1f958774d4ed0c52ce083acafa9086aa10f72de910ab4af4cd56

SHA512
8afa3d80a884b647cd6fc2b8665ca68e9f061f465ac84f7bf1c3996e2eaf5bae82c86e7cbeba9383fdc7874be138b25aa785d05e2db1f6303862950f9ee73357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58411b.TMP

Filesize
875B

MD5
26daeaa3c60f669ad1280fd0e0010e82

SHA1
29a3d259f4f035b6b7717250c34ebc8c606d591d

SHA256
5e0320eea8be38e592d86a10d74761dde0001516b7e002588e669f01e6c95fad

SHA512
c69c50f4f63c2172d80cc820d53e20eee0af12ed2e92339d6161c548981df77f85b2432f5c01a867e3327f6df1b1cf32e00b7d4ecdb714e0cf4d2922e0717382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4e316b5a6186797dc6ab76e7a733ecce

SHA1
dc8e2708f245e812b4510252cf59f0e2dfacfb50

SHA256
fb6b69d7743f941ffc3093978e8cfddbe727bb2930126dcb896a0d6d8b2703e9

SHA512
1c14601212a3df254ee22b2b91f5055d2a0c25f108b338545abadd8f0950f43e5d754242f0b5d392beda6b2df0dcf04ecd6efe005ff17fc6683324084112dcf0

Download Submit