hxxps://www[.]hybrid-analysis[.]com/map

Analysis

max time kernel
180s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 13:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.hybrid-analysis.com/map

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2304	msedge.exe
2304	msedge.exe
212	msedge.exe
212	msedge.exe
1956	identity_helper.exe
1956	identity_helper.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 332	212	msedge.exe	89
PID 212 wrote to memory of 332	212	msedge.exe	89
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 3428	212	msedge.exe	91
PID 212 wrote to memory of 2304	212	msedge.exe	92
PID 212 wrote to memory of 2304	212	msedge.exe	92
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93
PID 212 wrote to memory of 4592	212	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hybrid-analysis.com/map
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb216446f8,0x7ffb21644708,0x7ffb21644718
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16841789042584508885,3166626176473373948,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16841789042584508885,3166626176473373948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16841789042584508885,3166626176473373948,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16841789042584508885,3166626176473373948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16841789042584508885,3166626176473373948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16841789042584508885,3166626176473373948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16841789042584508885,3166626176473373948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16841789042584508885,3166626176473373948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16841789042584508885,3166626176473373948,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16841789042584508885,3166626176473373948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16841789042584508885,3166626176473373948,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16841789042584508885,3166626176473373948,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
81baeab0d8582b341e84130ceca7171a

SHA1
ce75faf6234c89d920a3888208a3f0ffabd717c9

SHA256
4ff5b33d3b677c94e8664e852609855b58ec465bb0f37e70989d6fdfadbc98e4

SHA512
8367a36242670a75f5e73c97a40f24724811324ae064b31675b3f26edee2812a9b7ed485e877d24593946e8bfb3bb1aaa96b0ef4644558fb4a0340948b5c360f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
191B

MD5
8e9788a644e235e1a76f40bc09a77667

SHA1
7d4d46972b3c3b4612bc8d04c52a3e11cc16dfdf

SHA256
98c6978ad381f77905100ff332f77b917d10d0afc8dd968be83a695ecf2ccf45

SHA512
a7584319177327b8a8b650be442697a2121328d56a0bf6a74b0751540dc80176d8d6bd2cbe380f89d345fe2e38e98dcb5195de480e106979ed19c94cf25269d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bff3b3433da2a5d82676b3bd2bddfb4d

SHA1
26e35801bedea3079a95b8c2b1d69976413886bf

SHA256
b8dd22624e9893d7b836b054b547606468d572e0b9b422fef51688c431baf81c

SHA512
3ef8cc2a70528d0b47614dd0581880f18871995d0c548493ebb23eeeb1e3cf3156f60670f36de048191874005101d41641549878e126b1c4eb0878ce030cfbed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e70c13baa070ec173267b74b1c626875

SHA1
cbaa662c65acf515118e9cd9c5e86a0d08db2c06

SHA256
7850fe316569e923e99e9bf94870e29fc8fe14863e9d6ba7d4a3b6da4911af1e

SHA512
2e8c982f8c962433df1bf812a39a6139c4aabd89afe1d861c5695c0caada83589c244f3310e6595af135b846a732df4064c65e30dbded141e979b8d0a2557103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
696B

MD5
d2b6849b025ca69e2ed52612fe7265cd

SHA1
a02ab67706a64607002ad161a3faa6fa17079cc1

SHA256
84ec60bfabb8cb92e08698f9048e5154d4d99c009dde40d110a6588580e56b95

SHA512
717a40979448af571bf4f3fc1b88b8199bffeb47384f2753475e8aa3e0437565885a31fec4777a397b92571ec63d5fa86aba86aa8d63ee79eb7deeb65be23418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
698B

MD5
0af26e873e9aaea889e0cce9853380ab

SHA1
180fa112d5a3a1affaa941100144c5cf88721cc5

SHA256
634598c7ab2cc65ae6e93a4e8467cf948da7d167129cbde0dc4e1b073df5d603

SHA512
30d1729146061092b4f74561acfdec7aad88fca23b2c4d093b93f90bd7ebe43b04aa5bece570f71e807a021c3adccd99d7ae0655d36a88a8d7e65b7c5af50732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
696B

MD5
792df754029898fa0d73eaaf721ee990

SHA1
64340e27ed48a5d9274a9c3f2645388ec72b5b02

SHA256
6019454101d40e1e45c623198db39a5139785eadaac0f9ad919c8770a39472c1

SHA512
e092642067a5bc7c7692321457f3ee928c267787b2ed91e676e8891fc9562e0fc91fdd6f5a947b328946c3dba5fe2b584fd12e4fdf6f7a57770d749004a6d25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
698B

MD5
e29468ccfd68a0551f167b15fcdda0f1

SHA1
ec9796a7cf27d503a327f6adea619bfefe47050c

SHA256
502b3a114d6d46f9ec5df42ce0eb40d655913ef957106efecc1ef504396b7b7c

SHA512
d9b698d8488250cecd26fb0b9ceec668f7ef4a87c75c136cdf141f2cc103fda876ffbe0e2116470f4a705293df07fe5124d06a3da55e90d5a14313090271dc4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bab5.TMP

Filesize
696B

MD5
a724f68e1400117636c0ba0aaa6ca078

SHA1
431ace7d60678ad0a0948ec011af219a480cb51d

SHA256
193f0af1200f11a87fc7b1d7a97d7581a11748bf51e86b1db956d278ac65559d

SHA512
80fe61513980f4ef53004404413105e19a2882a071aa6732e3aa6e6d3ee208dc72699d861d7eb34fef2ef0f93aba09012b8397e283db27df3e4efd520d1ec0de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6ca807c1d943cf5f3ed612c805c8654a

SHA1
6a2c42f94fd7b9da938ec711f681b9190b35e312

SHA256
c032a97ca09a713ce34d8bcb897a5e2461a6f4463ec4be0ac35ec2304f66857d

SHA512
ea537e9c16da65b46cde65c7caa4d4b9d57b3f8a7cc0d47b1b9c1e9e156f57a288464c587a5caf0bf3317ac590644b22183abe1885a1d5a53d4bfdfd8de3eb4c

Download Submit