hxxp://tracking[.]conferencepanels[.]net/tracking/click?d=JnCqlHBu_jo6fcfyqgxcmyqf2qAdEO5PKI43I3PbrXVc1J1nZNwHe1j4_E6zc3Kk3s3zSWYAjvRttGlrlnPkYGsn1rtr4w5BkPQuU89BmJwzIaJO-uvHrEPlNPHW4QO5UbGMyGTd0_sjFheBa-SuIUDFbHNG20lxgXceI8tXtl23-TbkX_ewoIT8gr2KsxZyjafVNTpX-A8J6bDt6FQlFKoEMtddt2OqEmFcbN3-wSCU0

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tracking.conferencepanels.net/tracking/click?d=JnCqlHBu_jo6fcfyqgxcmyqf2qAdEO5PKI43I3PbrXVc1J1nZNwHe1j4_E6zc3Kk3s3zSWYAjvRttGlrlnPkYGsn1rtr4w5BkPQuU89BmJwzIaJO-uvHrEPlNPHW4QO5UbGMyGTd0_sjFheBa-SuIUDFbHNG20lxgXceI8tXtl23-TbkX_ewoIT8gr2KsxZyjafVNTpX-A8J6bDt6FQlFKoEMtddt2OqEmFcbN3-wSCU0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3208	msedge.exe
3208	msedge.exe
1116	identity_helper.exe
1116	identity_helper.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 2116	3700	msedge.exe	86
PID 3700 wrote to memory of 2116	3700	msedge.exe	86
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 2700	3700	msedge.exe	87
PID 3700 wrote to memory of 3208	3700	msedge.exe	88
PID 3700 wrote to memory of 3208	3700	msedge.exe	88
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89
PID 3700 wrote to memory of 4552	3700	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tracking.conferencepanels.net/tracking/click?d=JnCqlHBu_jo6fcfyqgxcmyqf2qAdEO5PKI43I3PbrXVc1J1nZNwHe1j4_E6zc3Kk3s3zSWYAjvRttGlrlnPkYGsn1rtr4w5BkPQuU89BmJwzIaJO-uvHrEPlNPHW4QO5UbGMyGTd0_sjFheBa-SuIUDFbHNG20lxgXceI8tXtl23-TbkX_ewoIT8gr2KsxZyjafVNTpX-A8J6bDt6FQlFKoEMtddt2OqEmFcbN3-wSCU0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf52a46f8,0x7ffdf52a4708,0x7ffdf52a4718
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,344047358825849880,12532570373865211817,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,344047358825849880,12532570373865211817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,344047358825849880,12532570373865211817,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,344047358825849880,12532570373865211817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,344047358825849880,12532570373865211817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,344047358825849880,12532570373865211817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,344047358825849880,12532570373865211817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,344047358825849880,12532570373865211817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,344047358825849880,12532570373865211817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,344047358825849880,12532570373865211817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,344047358825849880,12532570373865211817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,344047358825849880,12532570373865211817,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
505B

MD5
c6f5bfac0a4e2d6f186dddb77c77f51f

SHA1
ac9f33f59170a450cb956974a64d6a1a427cc287

SHA256
9f0b3acb6e353383289c49b6bc2a577daa5a80f03ab042ec448dfe289177e459

SHA512
48a570207bae6b6ef61863131d3bca6bba47acf61c9bebe8fdf52e4f0d9ddb890cbf74a9214aade1d3d1c38a0489afd1e93ad0c4592603b98dd58951702a7c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a50e97c6644abb1fed5d5a3995215304

SHA1
e77f75565ff734259813d862f74750ae076c726f

SHA256
044695eab87d433d653d0a133771b315807ee0500a3449642ea7e553c356eb71

SHA512
d539cf79404f8dd87abeeed3aeff670775681a005cea2728978a89e933471bf15a5d7e8ff8fa7481805a4d100171ac74d31eb19e8964e22fdc7f8cb1d4ffb026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
429f445cf1e546e5ad6d8c3ea83ba6a6

SHA1
e70ff28a892ba38788a0e9781589edaf1a4cdcba

SHA256
c5c016a5cdf1115d7d658720013632998400bc403eafab8b7bbfa2348b5233a2

SHA512
982fa7671f60d606848070718daec0b4833268ff3bbfc8875798012445619b9f2431e55ecc79595932910115c9341782ce546b34fa513264e30973c39b5ad632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc5460901128a451a1534c2e974166f2

SHA1
aa072e676dc6fa8c7ec5aaf2ba2a347b4f9aa6af

SHA256
8d86d0b3f8424bc4616f33a3502208a1a271d20a5d1e40de4ea79b6081c62e32

SHA512
9b65057f42ce7f52a499baa6ab00246749a3dd5478db5d2f8bf92ed3a7c8a1c65608f86943b06d816cc38bd8ff14d460c98376fcd626ca3afe0628f32e7af40f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0faba96f73709c5a9bb7a190ecd8105

SHA1
5e443173005e085afe093295ba0d78efdc180d03

SHA256
55e2e2b59a18785fc1aab906517fc0a19ad6f0b7211bd2fa5e103815390889e1

SHA512
a02aeccf9abc7c6c43908e05324c68d9be8d62878521520a981830f42498943ce502ffeac3e5ca6af9f071b7c82e99ccb3c8eaaca78d07492bc2e308254e6792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e895ec0dc3ddf97cc63b6fe9d1df61d5

SHA1
19b5d25c8afbec8b4922a78cc7ac58fc8bb5234f

SHA256
f616fdead56eff0dab20c4cbb22c4f11fee752d1146251ca0d80f3e9c32b28f1

SHA512
89076576ee66c86664bc36591aae8300b3ab93ccfecf45bc4e9a928d127345774c08fade8f0372c460cf05e6fb685765bd4769f685ee7e60428e306853786190

Download Submit