Analysis
max time kernel: 360s
max time network: 364s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/04/2024, 20:50
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://mikrotec.com/
Resource: win10v2004-20231215-en
General
Target: http://mikrotec.com/
Malware Config
Signatures
Detected phishing page
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  4856   msedge.exe
  4856   msedge.exe
  3940   msedge.exe
  3940   msedge.exe
  4468   identity_helper.exe
  4468   identity_helper.exe
  4304   msedge.exe
  4304   msedge.exe
  4304   msedge.exe
  4304   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process
  3940   msedge.exe   (6 identical entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  3940   msedge.exe   (25 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  3940   msedge.exe   (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid    Process      procid_target   entries
  PID 3940 wrote to memory of 3452   3940   msedge.exe   85              2
  PID 3940 wrote to memory of 3440   3940   msedge.exe   86              40
  PID 3940 wrote to memory of 4856   3940   msedge.exe   87              2
  PID 3940 wrote to memory of 892    3940   msedge.exe   88              20
Processes
1. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mikrotec.com/
   PID: 3940
   - Enumerates system info in registry
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SendNotifyMessage
   - Suspicious use of WriteProcessMemory
   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7fff621746f8,0x7fff62174708,0x7fff62174718
      PID: 3452
   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10882377653603992079,12318347251334664731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
      PID: 3440
   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,10882377653603992079,12318347251334664731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
      PID: 4856
      - Suspicious behavior: EnumeratesProcesses
   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,10882377653603992079,12318347251334664731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
      PID: 892
   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10882377653603992079,12318347251334664731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      PID: 2456
   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10882377653603992079,12318347251334664731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      PID: 5100
   2. "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10882377653603992079,12318347251334664731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
      PID: 3420
   2. "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10882377653603992079,12318347251334664731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
      PID: 4468
      - Suspicious behavior: EnumeratesProcesses
   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10882377653603992079,12318347251334664731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
      PID: 4684
   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10882377653603992079,12318347251334664731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
      PID: 3352
   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10882377653603992079,12318347251334664731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1
      PID: 3660
   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10882377653603992079,12318347251334664731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
      PID: 3176
   2. "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10882377653603992079,12318347251334664731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3140 /prefetch:2
      PID: 4304
      - Suspicious behavior: EnumeratesProcesses
1. C:\Windows\System32\CompPkgSrv.exe -Embedding
   PID: 3756
1. C:\Windows\System32\CompPkgSrv.exe -Embedding
   PID: 1488
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\713ff82a-f8cc-426a-8770-d4d515d325d7.tmp
Filesize: 5KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 336B
Filesize: 111B
Filesize: 5KB
Filesize: 24KB
Filesize: 16B
Filesize: 10KB