hxxp://www[.]bing[.]com/

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 21:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.bing.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 3388	3856	msedge.exe	32
PID 3856 wrote to memory of 3388	3856	msedge.exe	32
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 4620	3856	msedge.exe	92
PID 3856 wrote to memory of 736	3856	msedge.exe	90
PID 3856 wrote to memory of 736	3856	msedge.exe	90
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91
PID 3856 wrote to memory of 2564	3856	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa503b46f8,0x7ffa503b4708,0x7ffa503b4718
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,6633490148722246172,12350403643560058402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,6633490148722246172,12350403643560058402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6633490148722246172,12350403643560058402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6633490148722246172,12350403643560058402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6633490148722246172,12350403643560058402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6633490148722246172,12350403643560058402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6633490148722246172,12350403643560058402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6633490148722246172,12350403643560058402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6633490148722246172,12350403643560058402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5b0bf4edca2187f7715ddd49777a1b2

SHA1
eb78099013d0894a11c48d496f48973585f0c7c0

SHA256
562016f9159ef363fcbe62ed13ee26052b31d4f67dc5ea6d60864a7d5dfa50a1

SHA512
1039b98cffd32ca4c9e37486b96e01b167d76b19dd8440a21da4932d677c463f4c5ce2260239e8337f59bd61ff3111905e23ab71d3ca5b20e7d2935fea7952c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
af10e4ffdd499721eb936825adcfc234

SHA1
cdd4a73d319d8ad3146ced4fc7492d7ff6145c8a

SHA256
94fe338065506a51f1374e671c7c532a2ac9e0b4ef27ec18de681e240f2ebcfc

SHA512
a1714f33d619af133ace2b809452ea25cfd8e9d52ef62530763fb5c858c7a54cce960166d8b734e3f71ab1fb5ecff851bd39146ce12b6348c03c0ba8c33a0f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
42c91e13217882862980043e6502ccfd

SHA1
0b00e3232a2088657880560fccb7fd6cce8b9726

SHA256
4a184ca0c42b68a5f42d241ea9a6f60bffb7932a05c1a23512bb6bf4f0d837d2

SHA512
6a44ea27b956ffd5f93a9194554eeebc63a09021c3fa28e35e098b07c9181387da422a4b0634c1937a16993832f4f6479f102eef325ec12339a4310196eaf911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ade3c6a9b1e4e8b59cdb4364a06ba49

SHA1
ff67df883b6b4a9832eaeb9264becf34cade9d42

SHA256
01f64032c79936664457cdac673588a25b6abc7bd23cb8581e751abfffc27018

SHA512
613e0d844e98c51932cb34217025c1712d9abb125a6205d99b9a317f068585a430f74ce5a5211cc7c673b0f0866c6ef382933267d615d43d04610bb531fec8d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
10216328b935439c5aecf3eb1c93d00b

SHA1
bd9621cd036bb2c7be4096a725da8e9009bc0c69

SHA256
39fe09bd29e1bf292e456ae108e367b2fe4b7f83fac0b9145830d1d205a8bc8b

SHA512
dfbba7702c305feb226be3037133e5b4a41c567ec4ac6b89c2a1cd7dc32eb620c3d28bb8f7ba68dd558b6b1d0473b5343e2628264b5fe1c3b783daa8e9a2a643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3de5bda7e79ba5e0c29c11f7c5662f31

SHA1
2884bf519b0ab5f418b9acae897cb169fc325c0e

SHA256
00785444cb1489cb39631942f7f788495c5a17730cbf0c80dc564af432d0eca9

SHA512
1dbe9e39283a9e9b8dea4ecbcc38e0bdf21c268070d7da77050de5400df7c173decda3fe73cc83ff4fbe86ea1c4be7a34e7c60339e5c526abe6f581f3af37c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
54371e088bd0e668b157b1684e471e97

SHA1
3a8d8f4af18cf03128cdf1c52bdad16ba55193ef

SHA256
25488646aac78019ec6461a39b6609363239eb3044d981b0ad8808961975a0eb

SHA512
8f77921efcba1af623d2f31fe9b5e9f7791799158d488101b1b37fc708e562a7a5f450784e04b9b6102c62dc4150c0803bd32027a89a7755553a094155170f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581f3b.TMP

Filesize
871B

MD5
5a5436f09e4b027bf197053c8dfa7f2b

SHA1
117bd3ba8cf5637bc466eb08e5b222542367d6a2

SHA256
893c13f6a2e302a401c0c97d00a0822cd1331165215e63da6410f1358153ea40

SHA512
f02787b625c3fa8768e54bd875128872696071275eadfae92411dcb51f895b2e54766f7e9d9d389d0125282a3494b6874bcc3f625d01dfe16c6725ec87b51997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a3690054cb14df9d22dcde1283fc52bf

SHA1
9b24f15203e62c2332f25dcd7e20df6033c63f7d

SHA256
518ed6ff43618c675a8ac5145d38fa1a8e2986a46bca3aaeaa599eebb4dc0e15

SHA512
3448f533b0f29ba30919740a58863c991c0d337dab4889905e57fd03518672e29b4a3d280d8ac4d9ccb7465c5cef9b4894bb76a632c70360be4afd203cdf7b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
88e9553f3a760dca007a17d9ba940beb

SHA1
46dbce5672ee6191c619e90d2ac3750712b534cf

SHA256
99201eeb7e72b73a399c243bdfbc27eda24a1b3d06d1cd6da33ed0f2f7195934

SHA512
dce421f2091fdf87339bf0cce3201cb00dcbb33c404ad99904a24e590de548033a8143589ff94f50908a4cb1ebf4c9ed92414b8879fc7f6e4846966291ae78f7

Download Submit