hxxps://www[.]hybrid-analysis[.]com/map

Analysis

max time kernel
210s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 12:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.hybrid-analysis.com/map

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4152	msedge.exe
4152	msedge.exe
3932	identity_helper.exe
3932	identity_helper.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 1108	4152	msedge.exe	89
PID 4152 wrote to memory of 1108	4152	msedge.exe	89
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 1064	4152	msedge.exe	91
PID 4152 wrote to memory of 4072	4152	msedge.exe	92
PID 4152 wrote to memory of 4072	4152	msedge.exe	92
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93
PID 4152 wrote to memory of 2568	4152	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hybrid-analysis.com/map
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdf3346f8,0x7ffcdf334708,0x7ffcdf334718
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,16730516002865765584,9077091941739545176,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,16730516002865765584,9077091941739545176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,16730516002865765584,9077091941739545176,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16730516002865765584,9077091941739545176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16730516002865765584,9077091941739545176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,16730516002865765584,9077091941739545176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,16730516002865765584,9077091941739545176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16730516002865765584,9077091941739545176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16730516002865765584,9077091941739545176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16730516002865765584,9077091941739545176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,16730516002865765584,9077091941739545176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,16730516002865765584,9077091941739545176,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
39067b997b0630b8f54e8fb4a339e6df

SHA1
dbdb1e3bc733a36a7ae814bcb78142d9466a28f7

SHA256
ac5b2850ab51bc8e53e9814a8fcf65f056096f07e4022e359a1a6db8a8b79676

SHA512
3a3b9111ddd41f75bd8fffd9d6b5cae4bdc25b2decc892e123166e273a930041fd32d151e3e69a119d0f7bd901915d495413a3050f229c54d3f5815b1dba9f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
191B

MD5
8e9788a644e235e1a76f40bc09a77667

SHA1
7d4d46972b3c3b4612bc8d04c52a3e11cc16dfdf

SHA256
98c6978ad381f77905100ff332f77b917d10d0afc8dd968be83a695ecf2ccf45

SHA512
a7584319177327b8a8b650be442697a2121328d56a0bf6a74b0751540dc80176d8d6bd2cbe380f89d345fe2e38e98dcb5195de480e106979ed19c94cf25269d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aada6baed1403990226c72ee99198dd4

SHA1
99041c4d84441a5d10c129ae6ff13293fa59a8ee

SHA256
3bcf558c331d3b4344744c1cf1856f6807ac63fd10fb4a7bf8f19d9e94bc002d

SHA512
c835732c4b2ca80497a3d0910c69345185b59a3f90617bb4d6d7976b06ae0bad56260d52274283eb39331fc4e024d2588a9f2dcd49571e49ade621181caab513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6be684ab6c094e814623be57f1e2ed23

SHA1
4b83f46403f48254f9f66357d4e75c93db9842a1

SHA256
07ca50ccd110adbbbeb729db8e98567a135d4e4c26412359217713689b211652

SHA512
a37b4f6abeb8178cac1ccf99b36aae053a12d67e2dcb07f41e0edbde65fbb0657273aefaa396dc4837c83bb9a3ecfc1b4f417f3370116c651ad147103d2922da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
816239b1b0ed041815fe44090ca7d00c

SHA1
d63c79fced3d1bd51b0058be2cae7aba777bafc4

SHA256
bdcbcefba9244cffc1cb3d81529c8f2baba00657db9f85864d09a6e920979e7f

SHA512
632d7f994c3fb14ba996069f6af2c3847af5ff47ec2b9a024be42ed361c702f3ee82072deaa574ac10cfc24b61e5e124d7bd173bdd01fcdd84b0afb741b31595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
3a6b8997d52cfb53dcd1ed73f00b9127

SHA1
1438109d31cf47a596838d682ac5c5bf42dc65cb

SHA256
25763aa4749355c5d2fc63452782532339db385a46c5c7a3135ff5c94300daeb

SHA512
0bc69c526b005a6c0d082c28a23e1730ba10a77882284f85d5497972b12dec6635d750200661f76e1828eadea435ee5b2165c21798534396502fd6da2f76268d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
d6b1566ae0ef877aa4768b2412341c66

SHA1
6d681f4504df476114f2a60dc2bc8958c575add9

SHA256
98a82b05fc49630fc62503f01c48d703d60d667be7a57f2379d99b5b5462a121

SHA512
082bac67c70985cc8993cdbab7ef0a943d68c99ab5bff9086f172bf1e8696914b74746c9819e01c0cde12071f79285da544bbb70c95ad1a30e3161376d0ebee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cb8d.TMP

Filesize
704B

MD5
dfbf94885359903e553cc504a9fdb7de

SHA1
13a5cfd68c49797727631d91400f4db05cdf579a

SHA256
5eaba3eb60bd3354ec01888a2b9480702fd35b3460a56e4360f6b11b71c93f6f

SHA512
9bfd61ea2197e6d6eab1a57ea73e0a5c8f9f1d99dd4338a844ed5015dc5296a9896e8d53b691e4d988fe5fd06ee4f6ad09cdf82ac15a5b4a08aa090c5335c965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6c077be0dae2ec01c06cc39f58173fb4

SHA1
f6aae67eeba049f70374aa9da0c7db8d84cf8e52

SHA256
87efeb0c07236a673cd4c74c5879d46663fce7738c31ecb05f1ee39bec5a0d42

SHA512
69fd913890e112b9b4105fec5042da6361db298f13c622d778ed9ec16b3754b521a35ccc214f7f922aa9116cf75aa99b2c302d50b24c848798fcec9a097fa887

Download Submit