hxxp://google[.]com

Analysis

max time kernel
600s
max time network
560s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 12:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1252	msedge.exe
1252	msedge.exe
2180	msedge.exe
2180	msedge.exe
1140	identity_helper.exe
1140	identity_helper.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2984	2180	msedge.exe	89
PID 2180 wrote to memory of 2984	2180	msedge.exe	89
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 3352	2180	msedge.exe	90
PID 2180 wrote to memory of 1252	2180	msedge.exe	91
PID 2180 wrote to memory of 1252	2180	msedge.exe	91
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92
PID 2180 wrote to memory of 724	2180	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff858ea46f8,0x7ff858ea4708,0x7ff858ea4718
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7252807633846636255,9070438154423568574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7252807633846636255,9070438154423568574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7252807633846636255,9070438154423568574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7252807633846636255,9070438154423568574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7252807633846636255,9070438154423568574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7252807633846636255,9070438154423568574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7252807633846636255,9070438154423568574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7252807633846636255,9070438154423568574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7252807633846636255,9070438154423568574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7252807633846636255,9070438154423568574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7252807633846636255,9070438154423568574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7252807633846636255,9070438154423568574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7252807633846636255,9070438154423568574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3317fa7a4cca19db51deab9eac7aff4b

SHA1
381331733e80762f84eacf777c32519ff0522136

SHA256
417d92d179342451f9f800f409995ec29ca8caa665ec9876a6b1083d4d987b8c

SHA512
2875ba224a7e1d20555844856685a4c50aa824b494f968962333d3bd92310395733d423a1c8b158dd0e4520bae7e52aa089863d352742944b79bb02b9d4f36c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
814B

MD5
56cb259741ac31d407acf5a8e054c5ae

SHA1
239570998e239cb33b2ffe0f6497221ec5457c86

SHA256
16d79ad9cb354141ecc799901136ebfadd1af63898aea267d48cb0c916e29b92

SHA512
95928925cb4f17fb5e8651194bc002c0f9dc9d3afe5112d1f8813fe221ac92b068e615d2d40fe43d33b8cb5bba6bd253e355b287b7dd2d0a3af4c31b13f78ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
594d1a6cc6329390a52bb148e2a7f890

SHA1
55b8f0e3ae6d1aef9c612f93b9cd67b35f3db135

SHA256
cd5f2dce3c73396694c73a8fd38aa6c121cd686df1bf40407a2b03fec0e7391c

SHA512
54a1070ca295ea30a223c024d2b0d9b1171a48123a6a3f3517abfc6582536ad0f7def468c0df06d686cfdddd4d0bda5551cd42cc6027dae5656cffa84ca3b4b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c3f4f8eb6003fb515e6be447c13ec853

SHA1
06b19f5b5171a1a06041b1470c2c8572771256f5

SHA256
0fb658a35f23a209e74e62352cf7b79baa76b534d2eada0e8e5934b806798545

SHA512
e7c7da8c3cc2ade2da0d8da1b1d91ffa934ad0ad7e45e28dc55279440450ae78d77d3d2ad8cfb5d91bac54f5831fad7ce31a9d8e053103288d5b139d6764a751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
05858b1d87f4e201f726a9eb1410fae7

SHA1
017b4efa332f174bc6735e73badb27e7f6ff584b

SHA256
ca48d12df610355bb72e14e2cd1fc77e0fdb5496e83c78bdc9a72ff646d8d0aa

SHA512
f0992b0bfc592b61dbd884d371e5ffb75e903a76e9a23a12ea7f7ea4ec3953fe20fbf1ddfe167ad89d61fc7fd0732149ffc5136cd05576211d5f04b14245d34f

Download Submit