hxxps://www[.]fibertronics[.]com/1x32-plc-fiber-optic-splitter

Analysis

max time kernel
182s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2024 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.fibertronics.com/1x32-plc-fiber-optic-splitter

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1608	msedge.exe
1608	msedge.exe
4872	identity_helper.exe
4872	identity_helper.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 2424	1608	msedge.exe	84
PID 1608 wrote to memory of 2424	1608	msedge.exe	84
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1112	1608	msedge.exe	85
PID 1608 wrote to memory of 1228	1608	msedge.exe	86
PID 1608 wrote to memory of 1228	1608	msedge.exe	86
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87
PID 1608 wrote to memory of 5112	1608	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.fibertronics.com/1x32-plc-fiber-optic-splitter
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbccd46f8,0x7ffbbccd4708,0x7ffbbccd4718
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8053342770634545939,1590988287868842972,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,8053342770634545939,1590988287868842972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,8053342770634545939,1590988287868842972,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8053342770634545939,1590988287868842972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8053342770634545939,1590988287868842972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8053342770634545939,1590988287868842972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8053342770634545939,1590988287868842972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8053342770634545939,1590988287868842972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8053342770634545939,1590988287868842972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8053342770634545939,1590988287868842972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8053342770634545939,1590988287868842972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8053342770634545939,1590988287868842972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8053342770634545939,1590988287868842972,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0fd19412-8f9c-4ced-992c-849d72e1b81f.tmp

Filesize
6KB

MD5
d582b029d6133922c83fe9808fa14616

SHA1
cf7711a2085f64978ce6023451b7827fac7b011a

SHA256
c4e2270c8eee2ba5195fe9d8d796d44f17174d915656cb5acaff427ca9de314f

SHA512
3394671b91f458dfffff32915e8513a63dc1185b0be9c8d79684b8573f83b8540a4879a69dd6de68a8b6635680cebb3287a3e734a8401f3d93663f51e59f421a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
ce88b7656487925845e8ea52837cc44a

SHA1
03357fc1ed9d88590b434f3827bbc66f28587575

SHA256
584cdd4053834827e3ecbb3b1940deb42c475335a164a609d917e06c20647d85

SHA512
29814f3b4764eeafdca28ffd1e01937d7756b2101c177c771b03ab17c87f6e36170000c00c2f8b3f110ebef812ddc97b3f8dcda8e9aa0d034716a383e825cdc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ab932cc3dbaf7a0e4cb48a139a891424

SHA1
a9b5779f066455ab97ae5e69e2f3af2d3cbbc0b0

SHA256
5242fddd3507981af7a4e5ce487dc7ca8bcb39d731a8a0938957adc75b37c30c

SHA512
cdb58c2b474ba2a296e6441d81550e8ab16a74a623f951595796a99d3d8ddd6b70d13eab42698cbfaeaf763884922b80f8e1ca19246ed4db9b86e8f6d423ff71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59d55c2eabb84e52e2d8be5c3fbefcf7

SHA1
8715e1aa25723fa711f4baf79ba7f03b8d5cb343

SHA256
1236053d5af56d332267bbfc48b0eea1440222a836888e5960b7679047d26ef2

SHA512
bb62bba351fd2486e72a21260eddfa75855dea7924f75c18d1c0b3f75c1d272f79a7b08aafbb0bc6cf408550d7186b54bfe12a287f44fd01b66cdb6b98e1d0d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b6f29bbb9c9aa57291ef44d39bf59847

SHA1
f380ef534add024b489bedb40bfe55e451d8ddea

SHA256
fff6fe6e78672c721047e9eae1914f43d6104da04d188f88d2a6fbedc699eb99

SHA512
5e1b39360ee86e3468ff632c87451a5ec418070a2ba4733bd4a733d5307c27f35eb8e1cb5f545e828c4e6e2b39fc9f2d8019a335affc07ba80d3e3f4a743fe6b

Download Submit