6de6b709771cde587b9bd92b137729fd7308fc852b85518a48e3c09ad1d9612d

Resubmissions

01-03-2024 15:36

240301-s15g8ahe28 10

01-03-2024 15:33

240301-szaw8ahd78 1

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-03-2024 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

1KB
MD5

f240f2cb0b7928f9900640b907a261c4
SHA1

c30214e3c3703fa5ff852b2e61b3ca3329acb994
SHA256

6de6b709771cde587b9bd92b137729fd7308fc852b85518a48e3c09ad1d9612d
SHA512

9f6b7bac8bb0ad260555ac535dc1142d857bd709f19ff730ece5989948c59aaaf0cc5c83077a6d654e77aaee34c666414c94f2321cbbba65a3f57e065109ecbe

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

Processes:

msedge.exemsedge.exetaskmgr.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
3756	msedge.exe
3756	msedge.exe
2020	msedge.exe
2020	msedge.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
3528	identity_helper.exe
3528	identity_helper.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
736	msedge.exe
736	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

taskmgr.exe

description	pid	process
Token: SeDebugPrivilege	4972	taskmgr.exe
Token: SeSystemProfilePrivilege	4972	taskmgr.exe
Token: SeCreateGlobalPrivilege	4972	taskmgr.exe
Token: 33	4972	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4972	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe
4972	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2020 wrote to memory of 116	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 116	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 2528	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3756	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 3756	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe
PID 2020 wrote to memory of 324	2020	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f71b46f8,0x7ff8f71b4708,0x7ff8f71b4718
2⤵
PID:116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
2⤵
PID:2528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
2⤵
PID:324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:1752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
2⤵
PID:1540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
2⤵
PID:2576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
2⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
2⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
2⤵
PID:5272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
2⤵
PID:5280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
2⤵
PID:5468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
2⤵
PID:5476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
2⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
2⤵
PID:5432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
2⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1740 /prefetch:8
2⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4716 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f71b46f8,0x7ff8f71b4708,0x7ff8f71b4718
2⤵
PID:4136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4972

C:\Windows\system32\BackgroundTaskHost.exe
"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
1⤵
PID:1540

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
d8944403c99bcc7bb419e4eda8527e34

SHA1
29f78ab1438c2d3581be3de361d202215a2af763

SHA256
4525dcfbb35aea13a99928a786a8eb0a19d114a667f3ae1f5d00fab945fcd437

SHA512
686dfbae3ba009e6f0713c7a8861ab1bfa9cfc236be25808970e90a825a4775c18ad53560eda6fa2b1fe36e14c94db5a80d0b3300fca89ad487c892ca62a8884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
252B

MD5
ebaf8d21c0c3291511f360ba391d7442

SHA1
1559f3341b6e6cf214d9e8f54de0d598008ba2bd

SHA256
ffff31c9e4d83083862a8a27eb37fc9f55dcb0c3914442fb43e94dd58dea089b

SHA512
14811f39d9f7bdb81825e6fcdbb6386fe1071ac986b9620162e5067fc6b980e3b1ae35c5c98da7cd3063a68fcf0d969f19584a5190490288647edc21c3402ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9b5f3f1de918b05b3df6f5f633965275

SHA1
3234bacabddc138e17836601cdde93be009e7548

SHA256
b6e13454e678a7688621e99d161fa8a10f6e1ad7fd0d3555319048cf79f449fd

SHA512
7e23443f3d002802ed22518c1b70518ef129be28dfebd8e23d509e0de07bf76d39b19fa82eaac4f1818ea2f1a5b4496491bf5c7ddc2448468baf6e1b1b9cfb48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0ef419271f772f28286a47fd29eade00

SHA1
f68453b50d5200ad53c5825b5e9bbb9a3afe7418

SHA256
35ef23f456c98be1e15336dcaa6521088879c2559fd37b685b6d269925bdfcc1

SHA512
22a73ff2cce30f193298d2f3fcb57c6ea48fc66df2eec718c34650c1f152c8717eff42f917c7c3f61cc3592a8ed3edd9b2c19af5b589974044e56ce153c1f81a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c92534bff99fde9752b024ed7ef6ca06

SHA1
d787287d8c1a756fe101cc10a105c60cc08eab55

SHA256
9827f9f00f0fc2a29fdb28ba4608a67f606a1cca10f9d7d7d6c0b114c03f2eef

SHA512
93f579528b035384cf381856d23f204de771b0dbcb5d535e2741448fde6b8f0be46e97372fabeb5ee40aad6b43751ef5ded3d1e702cc4c09b21d911a93c31954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
5f741c20d692a87d44b2ea6a667fa347

SHA1
6b7c300ac58dcf8554f3bc663b847305d7f96feb

SHA256
890bb2fb11d11a3c2c651c47ece333fc0d600df5cb33e4bee7b7c53c5901518b

SHA512
42a7839702a5066fd051de385a773dd697c8332d64bbc3e3691a28bba1483c907fc494eecb1c30cab07c5c978ffffce903d4cd786684afa046db6a5fecf4bde4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
60e8f51c38a3efbe8f39e67d2d6a59f4

SHA1
d94375f65d11028cbc70862242e087ca68a5b6f7

SHA256
d033aed944512633e205cef465d3e449c5ea77d41395efd6c9cdf7444337f9a4

SHA512
af50675903ae198e10453d4159a226277ad46b5e5c29deda30226fcb897617a2d059d5496454878c52e9a69f932deb2030232b6a3fb806456645e81a362a5711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d4b16d399b4223be2b6444cbccae0781

SHA1
5e451a2002a553b6b013f1f341e8d289dbf4ce02

SHA256
0c4be5624e02373ffe1fda11ef29a910098f26355e105325bfcf2c5c8e073ca0

SHA512
4ddaf725a47aabe8a287317388c1819e68d45e8339cff12f71d74a6e563b6473af7944c79a1806ee4080c556b0914d61d07ea12c3d2157cf013359dedef98e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
67f4ab8ab4fa2ec3b7464a490ed86989

SHA1
1a464390406bfaa54c11ac613c2b5b2141368c60

SHA256
90fbaf319a7ec9f409285e4d0d7d473cf3390e612b9d00454e2beba087e1a4fd

SHA512
a7b20e58caac6407258abe029d2e7b230c34d6ad4882df7fa0c570c7b44655e3ca3be2e7596c902f83f58cbbf0fdc3f6ea21cef6cff711219751aa192ff64604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c6dd3ec634a4f8a84b9cb0cc4bf4573c

SHA1
5d1e8395300b74d7346dcc77bd8eac1b1cd936c7

SHA256
94a0464b76940f941c7b220609387547eeeafbbe596e12077394f4c5d5c30d0a

SHA512
a5cbcd87ffb5933c35d57348c838b10693d81477c6d1b0727a760a65b21cc76544d003d33f8a1c74184fffede4273dcd66b36a236d1dd4ff641509b77bb1b891

Download Submit
\??\pipe\LOCAL\crashpad_2020_RDJZFYFTUFHXUAZQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4972-39-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp

Filesize
4KB

Download
memory/4972-46-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp

Filesize
4KB

Download
memory/4972-49-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp

Filesize
4KB

Download
memory/4972-48-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp

Filesize
4KB

Download
memory/4972-47-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp

Filesize
4KB

Download
memory/4972-45-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp

Filesize
4KB

Download
memory/4972-44-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp

Filesize
4KB

Download
memory/4972-43-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp

Filesize
4KB

Download
memory/4972-38-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp

Filesize
4KB

Download
memory/4972-37-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp

Filesize
4KB

Download