hxxp://Amazonaws[.]com

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 16:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://Amazonaws.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
1340	msedge.exe
1340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe
1340	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2476	1340	msedge.exe	82
PID 1340 wrote to memory of 2476	1340	msedge.exe	82
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 3308	1340	msedge.exe	86
PID 1340 wrote to memory of 5028	1340	msedge.exe	87
PID 1340 wrote to memory of 5028	1340	msedge.exe	87
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88
PID 1340 wrote to memory of 4556	1340	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Amazonaws.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9ee146f8,0x7fff9ee14708,0x7fff9ee14718
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,2387662870979733000,6721852769148146431,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,2387662870979733000,6721852769148146431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,2387662870979733000,6721852769148146431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2387662870979733000,6721852769148146431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2387662870979733000,6721852769148146431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,2387662870979733000,6721852769148146431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:1336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65a51c92c2d26dd2285bfd6ed6d4d196

SHA1
8b795f63db5306246cc7ae3441c7058a86e4d211

SHA256
bb69ea4c761c6299b0abbc78f3728f19b37454a0b4eb607680ed202f29b4bb01

SHA512
6156dd7cec9fee04971c9a4c2a5826ba1bb3ef8b6511f1cdf17968c8e5a18bc0135510c2bd05cc26f3e7ae71f6e50400cf7bec536b78d9fa37ede6547cfa17e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce1273b7d5888e76f37ce0c65671804c

SHA1
e11b606e9109b3ec15b42cf5ac1a6b9345973818

SHA256
eb1ba494db2fa795a4c59a63441bd4306bdb362998f555cadfe6abec5fd18b8c

SHA512
899d6735ff5e29a3a9ee7af471a9167967174e022b8b76745ce39d2235f1b59f3aa277cc52af446c16144cce1f6c24f86b039e2ca678a9adac224e4232e23086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
ebf651b251aff041a842f16b73382292

SHA1
bb5355ad07cda507777d5f8e545c2ce4028f9738

SHA256
b579d9d61d53d4e6eb305049b7516f1b6ae72074407b1384441924e3a510c192

SHA512
b8df90f534679b3dfd7f4fd6fa6130c2f5bde30a53ae28d0e028dc4e07fab0e0585e5268d0caff1f8b844c2332b260a0e424d18a41ee60a569a8f5b6b4b1ac6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a8b910193f15ff27fb65655aa6861da0

SHA1
f8440baa00e3b8f658b7df03a6e2cfed2b05843f

SHA256
f35fbabfbbb9ea93713f0861e93f9af21b79efd1232eb601a8f42d3cb2296908

SHA512
ad613ffad5680ce6f0144895b72392ce2b2d86661365365b88607182bb3bab4152cdf1a146fbe84501e90161a297813b295631a58bf5b2b7a1ab7e64ddb4d28e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24d30e109fc3f0d27952239a0c42a0d7

SHA1
1eda100955990f0b56c546e879bda314ee5dbe7f

SHA256
6166a403b7433f3d8fedd130ad9f6c06a5065332038fc2985202c96a7808d954

SHA512
af201d36868f9f355e70eedcd8fcde16cfc3969934114705b71a43cc9d04d7eee1af720350e3c06302bc3747e9416e5483ea7de2fa7ae5428117f4bab4be360e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34e58c29cde5fa61dab46883548af645

SHA1
b2f2e818b7d7a558d3e77c707a0493ada18ef8db

SHA256
fd1e3f38d6611c31c6a6326f6fb25472218d345583053b609ec040cac3e03a35

SHA512
9607df907e92f793c30899ffc61334841bcda383794b144f5e6e88639cbc55a4b4ea0c3dcbb71e5813cd810d518330e34a60a527eb401aed0e83b0f468d0c17e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
78dc2453dbd22438fc61fd57d85e3761

SHA1
98cf61cf5ccd11a45f8798320af7fbbd94085a7a

SHA256
b31d16f1ffc32969255222ed27a09e73589e954d49b04864c92231123b24cf3f

SHA512
90c3a7af9ed73e7f48cb77eaf2d993070ed22aa830d952b7023e910b3f3f330e903aa9662cc50a04548829b1d52e58f800c866d630b794b7a528a1c8234d4eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
bcc5c7247870de5991edb1e9c3e5a108

SHA1
572f8287a2aedb9653213976414f37741dcb08f1

SHA256
7fa4f35e52cc230cb169ac865098f1f6819939a49a6bb1c17d2934386c87f582

SHA512
70abc684e305e4bf42e979f4452b85a0b00482ce7a249ecdf66978b1bb3fd7aba0cee18bf8a8040c4944a639c8adfd5bb0b28f58312499fdc6ec8e48d5db4cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
957704bf25d8d581c472052fc87e9712

SHA1
60978bdf38283b7386416e4a096eec896d2b13a5

SHA256
ef4318e427f939b51e16872b0949b7466d9b12f9cd2fb2ee14e087646bf7158e

SHA512
05924ce78da856b37e21cb4326b1b08a010d377ec8b5e66e7660b6dedc9e15c11dc566d5a5d69e6fef853061c41ea59aff21e72288bdf751422fb015ebb20bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4429492887ac2fad4a0178bdbea718f2

SHA1
c8dfc6dd9eb78ca2c4cab9c8c2176f6354b240b1

SHA256
b80d58da644cfa048f6cfaf873f38a8de5db1d40fa69de82b7f393df71a22380

SHA512
9f3d123a7345734e48fb2cab8253ecad8417a3c2f6eab6d2969924ad674a45ed360effb3b6aa75cf10a92ebe91a4f68f91cb426f16e557c01621c73f567917a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f0424613cb8a2ef6ccf083dadbd565b8

SHA1
af9835a9fdc16186b6ac4080afbfc44c08abf8ca

SHA256
6720b75318ef7f82b59e51e73c23e922df503fb802e72485b9642b59efdf950c

SHA512
ab293460b0e6df60ff5a764e1ae117bf9adc9166a0b94e77de48ca1afbe367cba08c7c52975e621dcef625fc7597242374d9e4c97ba4612539657bdf662c33c9

Download Submit