Analysis
max time kernel: 146s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-03-2024 15:33
Static task: static1
Behavioral task: behavioral1 (sample: sample.html, resource: win7-20240221-en)
Behavioral task: behavioral2 (sample: sample.html, resource: win10v2004-20240226-en)
General
Target: sample.html
Size: 1KB
MD5: f240f2cb0b7928f9900640b907a261c4
SHA1: c30214e3c3703fa5ff852b2e61b3ca3329acb994
SHA256: 6de6b709771cde587b9bd92b137729fd7308fc852b85518a48e3c09ad1d9612d
SHA512: 9f6b7bac8bb0ad260555ac535dc1142d857bd709f19ff730ece5989948c59aaaf0cc5c83077a6d654e77aaee34c666414c94f2321cbbba65a3f57e065109ecbe
Malware Config
Signatures

Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
Processes: taskmgr.exe
  Key opened        \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000  [taskmgr.exe]
  Key opened        \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A  [taskmgr.exe]
  Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName  [taskmgr.exe]
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: taskmgr.exe
  Key opened        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0  [taskmgr.exe]
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  [taskmgr.exe]
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  [msedge.exe]
  Key opened        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  [msedge.exe]
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  [msedge.exe]
Suspicious behavior: EnumeratesProcesses (32 IoCs)
Processes: msedge.exe, taskmgr.exe, identity_helper.exe
  pid   process               entries
  3756  msedge.exe            2
  2020  msedge.exe            2
  4972  taskmgr.exe           20
  3528  identity_helper.exe   2
  736   msedge.exe            2
  2352  msedge.exe            4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (12 IoCs)
Processes: msedge.exe
  pid   process      entries
  2020  msedge.exe   12
Suspicious use of AdjustPrivilegeToken (5 IoCs)
Processes: taskmgr.exe
  description                         pid   process
  Token: SeDebugPrivilege             4972  taskmgr.exe
  Token: SeSystemProfilePrivilege     4972  taskmgr.exe
  Token: SeCreateGlobalPrivilege      4972  taskmgr.exe
  Token: 33                           4972  taskmgr.exe
  Token: SeIncBasePriorityPrivilege   4972  taskmgr.exe
Suspicious use of FindShellTrayWindow (64 IoCs)
Processes: msedge.exe, taskmgr.exe
  pid   process       entries
  2020  msedge.exe    50
  4972  taskmgr.exe   14
Suspicious use of SendNotifyMessage (64 IoCs)
Processes: msedge.exe, taskmgr.exe
  pid   process       entries
  2020  msedge.exe    48
  4972  taskmgr.exe   16
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
  description                         pid   process      target process   entries
  PID 2020 wrote to memory of 116     2020  msedge.exe   msedge.exe       2
  PID 2020 wrote to memory of 2528    2020  msedge.exe   msedge.exe       40
  PID 2020 wrote to memory of 3756    2020  msedge.exe   msedge.exe       2
  PID 2020 wrote to memory of 324     2020  msedge.exe   msedge.exe       20
Processes
(indentation shows the process tree; child processes are indented under their parent)

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f71b46f8,0x7ff8f71b4708,0x7ff8f71b4718
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1740 /prefetch:8
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6340 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12564298918671320168,11642684039864231131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4716 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f71b46f8,0x7ff8f71b4708,0x7ff8f71b4718

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe -Embedding

"C:\Windows\system32\taskmgr.exe" /4
  - Checks SCSI registry key(s)
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage

"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
MD5: 73c8d54f775a1b870efd00cb75baf547
SHA1: 33024c5b7573c9079a3b2beba9d85e3ba35e6b0e
SHA256: 1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94
SHA512: 191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
MD5: 4b206e54d55dcb61072236144d1f90f8
SHA1: c2600831112447369e5b557e249f86611b05287d
SHA256: 87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b
SHA512: c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 72B
MD5: d8944403c99bcc7bb419e4eda8527e34
SHA1: 29f78ab1438c2d3581be3de361d202215a2af763
SHA256: 4525dcfbb35aea13a99928a786a8eb0a19d114a667f3ae1f5d00fab945fcd437
SHA512: 686dfbae3ba009e6f0713c7a8861ab1bfa9cfc236be25808970e90a825a4775c18ad53560eda6fa2b1fe36e14c94db5a80d0b3300fca89ad487c892ca62a8884

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 252B
MD5: ebaf8d21c0c3291511f360ba391d7442
SHA1: 1559f3341b6e6cf214d9e8f54de0d598008ba2bd
SHA256: ffff31c9e4d83083862a8a27eb37fc9f55dcb0c3914442fb43e94dd58dea089b
SHA512: 14811f39d9f7bdb81825e6fcdbb6386fe1071ac986b9620162e5067fc6b980e3b1ae35c5c98da7cd3063a68fcf0d969f19584a5190490288647edc21c3402ed9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
MD5: 9b5f3f1de918b05b3df6f5f633965275
SHA1: 3234bacabddc138e17836601cdde93be009e7548
SHA256: b6e13454e678a7688621e99d161fa8a10f6e1ad7fd0d3555319048cf79f449fd
SHA512: 7e23443f3d002802ed22518c1b70518ef129be28dfebd8e23d509e0de07bf76d39b19fa82eaac4f1818ea2f1a5b4496491bf5c7ddc2448468baf6e1b1b9cfb48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
MD5: 0ef419271f772f28286a47fd29eade00
SHA1: f68453b50d5200ad53c5825b5e9bbb9a3afe7418
SHA256: 35ef23f456c98be1e15336dcaa6521088879c2559fd37b685b6d269925bdfcc1
SHA512: 22a73ff2cce30f193298d2f3fcb57c6ea48fc66df2eec718c34650c1f152c8717eff42f917c7c3f61cc3592a8ed3edd9b2c19af5b589974044e56ce153c1f81a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
MD5: c92534bff99fde9752b024ed7ef6ca06
SHA1: d787287d8c1a756fe101cc10a105c60cc08eab55
SHA256: 9827f9f00f0fc2a29fdb28ba4608a67f606a1cca10f9d7d7d6c0b114c03f2eef
SHA512: 93f579528b035384cf381856d23f204de771b0dbcb5d535e2741448fde6b8f0be46e97372fabeb5ee40aad6b43751ef5ded3d1e702cc4c09b21d911a93c31954

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
MD5: 5f741c20d692a87d44b2ea6a667fa347
SHA1: 6b7c300ac58dcf8554f3bc663b847305d7f96feb
SHA256: 890bb2fb11d11a3c2c651c47ece333fc0d600df5cb33e4bee7b7c53c5901518b
SHA512: 42a7839702a5066fd051de385a773dd697c8332d64bbc3e3691a28bba1483c907fc494eecb1c30cab07c5c978ffffce903d4cd786684afa046db6a5fecf4bde4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
MD5: 60e8f51c38a3efbe8f39e67d2d6a59f4
SHA1: d94375f65d11028cbc70862242e087ca68a5b6f7
SHA256: d033aed944512633e205cef465d3e449c5ea77d41395efd6c9cdf7444337f9a4
SHA512: af50675903ae198e10453d4159a226277ad46b5e5c29deda30226fcb897617a2d059d5496454878c52e9a69f932deb2030232b6a3fb806456645e81a362a5711

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
MD5: d4b16d399b4223be2b6444cbccae0781
SHA1: 5e451a2002a553b6b013f1f341e8d289dbf4ce02
SHA256: 0c4be5624e02373ffe1fda11ef29a910098f26355e105325bfcf2c5c8e073ca0
SHA512: 4ddaf725a47aabe8a287317388c1819e68d45e8339cff12f71d74a6e563b6473af7944c79a1806ee4080c556b0914d61d07ea12c3d2157cf013359dedef98e4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
MD5: 67f4ab8ab4fa2ec3b7464a490ed86989
SHA1: 1a464390406bfaa54c11ac613c2b5b2141368c60
SHA256: 90fbaf319a7ec9f409285e4d0d7d473cf3390e612b9d00454e2beba087e1a4fd
SHA512: a7b20e58caac6407258abe029d2e7b230c34d6ad4882df7fa0c570c7b44655e3ca3be2e7596c902f83f58cbbf0fdc3f6ea21cef6cff711219751aa192ff64604

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
MD5: c6dd3ec634a4f8a84b9cb0cc4bf4573c
SHA1: 5d1e8395300b74d7346dcc77bd8eac1b1cd936c7
SHA256: 94a0464b76940f941c7b220609387547eeeafbbe596e12077394f4c5d5c30d0a
SHA512: a5cbcd87ffb5933c35d57348c838b10693d81477c6d1b0727a760a65b21cc76544d003d33f8a1c74184fffede4273dcd66b36a236d1dd4ff641509b77bb1b891

\??\pipe\LOCAL\crashpad_2020_RDJZFYFTUFHXUAZQ
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
memory/4972-39-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp  Filesize: 4KB
memory/4972-46-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp  Filesize: 4KB
memory/4972-49-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp  Filesize: 4KB
memory/4972-48-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp  Filesize: 4KB
memory/4972-47-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp  Filesize: 4KB
memory/4972-45-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp  Filesize: 4KB
memory/4972-44-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp  Filesize: 4KB
memory/4972-43-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp  Filesize: 4KB
memory/4972-38-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp  Filesize: 4KB
memory/4972-37-0x0000020A3CD20000-0x0000020A3CD21000-memory.dmp  Filesize: 4KB