hxxps://cutt[.]ly/JwM5YNqH

Analysis

max time kernel
63s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cutt.ly/JwM5YNqH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4204	msedge.exe
4204	msedge.exe
4048	identity_helper.exe
4048	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4204 wrote to memory of 4040	4204	msedge.exe	88
PID 4204 wrote to memory of 4040	4204	msedge.exe	88
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 3140	4204	msedge.exe	89
PID 4204 wrote to memory of 4892	4204	msedge.exe	90
PID 4204 wrote to memory of 4892	4204	msedge.exe	90
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91
PID 4204 wrote to memory of 1440	4204	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cutt.ly/JwM5YNqH
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac76446f8,0x7ffac7644708,0x7ffac7644718
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10576755810259823859,13547440908550496221,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,10576755810259823859,13547440908550496221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,10576755810259823859,13547440908550496221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10576755810259823859,13547440908550496221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10576755810259823859,13547440908550496221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10576755810259823859,13547440908550496221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10576755810259823859,13547440908550496221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,10576755810259823859,13547440908550496221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10576755810259823859,13547440908550496221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10576755810259823859,13547440908550496221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10576755810259823859,13547440908550496221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10576755810259823859,13547440908550496221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10576755810259823859,13547440908550496221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:1324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
8698df3bf878d37f57af96aaade092ec

SHA1
08332914996b43c4351f56bc121f8bd9e951fe87

SHA256
eeedf2571d9afa4ca72d49de32cc983cc14eca61bdd8db281a42e8edc9c05d2b

SHA512
8a58a9318dfcd5075b684b1fa2a81a6207d51b76bc6b8dd61ba54e74b6ceaa95dee18b133a466048c6c05258c35a79b7f975efcc362786c2d9d8a223250157ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
693f220209d67da4f9edd8a78eaf9ab0

SHA1
8b24d48cc922113c560016759b6c88eff22d3663

SHA256
44062f0ee70e04be0677001f78fb4613e8786e94772dae36f22290904da43c67

SHA512
4996e27e276222cca260e30fa4d153aaf86decf0204361c716f26069e527b8a8b91c222100cfab6b75ffb5cd8c155a08c36d8d053604e3dec3e56141b3f80ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8602c85d8d0e95f83daeebaf9b72e103

SHA1
0517fb3bfcca4255b82ce6fd8ea665a823fc7217

SHA256
dca2ca34bd5e155327278ae227de30c2cbce3d9ca42f3c0ae31676467e11e0aa

SHA512
d24e6098846acfca3ef4474df27d8c7456ab27e85c5e424de3a28068db68451c07a3c0010a223c5b14eb5cde62fb1650a1cd352170737dc126e484742aa0788c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
f72c377afd6a2fc0b2b430dbd20f5c81

SHA1
ffcc8bf285dd489141e1780895b5df4150143922

SHA256
687a9147179e205f132cb8ad0e32e561e7f7e4cf94b4e38b488fc0ae9d7f76fd

SHA512
73375d611391cd977be48b39c65f09dc5a14349728b1975ccf3b6d7667b4159d9fb607b1511330ab067a6bebf51a1e58e658b0027407a3dfeb92ee3ac3044a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578d8a.TMP

Filesize
370B

MD5
0ca8d5da738116864d127c00c43eed0f

SHA1
03382420004156e96a530e012661f5223a90d81b

SHA256
ac6ad310d22a8a56c1497385bc13750fe10449a7aa2c9eb39e5df6ba2f129ad0

SHA512
c17aa59d105f59e4904c2d8cbe0ac23ae4dc2a111a4c69cfe5986e6357c591558202796af84c2257852f114c3a513d2049bc96af8ef1036d76054877acf83714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f2d769a46d01809da3519112cd0a78fe

SHA1
615d93659dca16ca7086fa420d058911e544f5f1

SHA256
c9e502e9ffa0d4a8ca8ad6c31471169e7e9c5bf506094843eb82249ee231744b

SHA512
7c5c42a15a45d290bfe6853de5f606d3ff2724b991cc0e1c0448e7199d02854053afeeaceee885c960beae8ed62dd1c50b4d774bc2d4e063b6180179e50c0678

Download Submit