Analysis
- max time kernel: 147s
- max time network: 150s
- platform: windows11-21h2_x64
- resource: win11-20240412-en
- resource tags: arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 17-04-2024 23:26
- Static task: static1
- URLScan task: urlscan1
Malware Config
Signatures
- Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoC
  flow 8: https://au9-live.inside-graph.com/bridge.html?target=https%3A%2F%2Fwww.linkt.com.au&cluster=au9&account=IN-1000442
  The flagged request is a third-party widget bridge whose target parameter decodes to https://www.linkt.com.au, while the page itself was served from east.linktbon.click (see the Processes section). That mismatch between the brand the page claims to be and the domain serving it is the page-specific finding in this report; every other signature below fires on the behaviour of msedge.exe itself.
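Added example, not part of the sandbox report: a small Python triage script that applies the two checks this signature implies. It decodes the widget's target parameter and compares the registrable domain of the submitted URL with the domain the page claims, and it looks for the "saved from url" HTML comment that Internet Explorer and Edge write when a page is saved locally (the conventional Mark of the Web for HTML). The two URLs are copied from the report; the saved-page HTML snippet, the tiny public-suffix table and the assumption that the sandbox signature keys on that comment are the example's own.

```python
import json
import re
from urllib.parse import parse_qs, urlparse

# Constructed input: the two URLs quoted in the report above.
SUBMITTED_URL = "https://east.linktbon.click"
MOTW_FLOW_URL = (
    "https://au9-live.inside-graph.com/bridge.html"
    "?target=https%3A%2F%2Fwww.linkt.com.au&cluster=au9&account=IN-1000442"
)

# Constructed sample of a page saved with a browser's "Save as". Internet
# Explorer and Edge write this comment when a page is saved locally; it is the
# conventional Mark of the Web for HTML files. Assumption: the sandbox signature
# keys on this comment; the report does not show which marker it matched.
SAVED_PAGE_HTML = (
    "<!DOCTYPE html>\n"
    "<!-- saved from url=(0025)https://www.linkt.com.au/ -->\n"
    "<html><head><title>Linkt</title></head><body></body></html>\n"
)
MOTW_RE = re.compile(r"<!--\s*saved from url=\((\d{4})\)(\S+?)\s*-->", re.IGNORECASE)

# Assumption: a tiny public-suffix table is enough for the example; real tooling
# should use the Public Suffix List (for instance via the tldextract package).
MULTI_LABEL_SUFFIXES = {"com.au", "net.au", "org.au", "co.uk", "co.nz", "co.jp"}


def mark_of_the_web(html: str):
    """Return (declared_length, url) from a 'saved from url' comment, else None."""
    m = MOTW_RE.search(html)
    return (int(m.group(1)), m.group(2)) if m else None


def registrable_domain(host: str) -> str:
    """Reduce a hostname to its registrable domain (eTLD+1)."""
    labels = (host or "").lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def embedded_target(widget_url: str):
    """Decode the `target` query parameter a third-party widget was loaded with."""
    params = parse_qs(urlparse(widget_url).query)
    return params.get("target", [None])[0]


def assess_clone(served_url: str, origin_url: str) -> dict:
    """Compare the domain serving a page with the domain the page claims to be."""
    served = registrable_domain(urlparse(served_url).hostname)
    origin = registrable_domain(urlparse(origin_url).hostname)
    brand = origin.split(".")[0]  # "linkt" from linkt.com.au
    same = served == origin
    lookalike = not same and brand in served.split(".")[0]
    if same:
        verdict = "served from the brand's own domain"
    elif lookalike:
        verdict = f"lookalike domain {served} impersonating {origin}"
    else:
        verdict = f"{served} serves content that belongs to {origin}"
    return {"served": served, "origin": origin, "same_domain": same,
            "lookalike": lookalike, "verdict": verdict}


def triage(submitted_url: str, widget_url: str, html: str = "") -> dict:
    """Run both origin checks for one submitted page."""
    findings = {}
    target = embedded_target(widget_url)
    if target:
        findings["widget_target"] = assess_clone(submitted_url, target)
    motw = mark_of_the_web(html)
    if motw:
        findings["saved_from"] = assess_clone(submitted_url, motw[1])
    return findings


if __name__ == "__main__":
    print(json.dumps(triage(SUBMITTED_URL, MOTW_FLOW_URL, SAVED_PAGE_HTML), indent=2))
```

For this report the widget check alone already yields "lookalike domain linktbon.click impersonating linkt.com.au"; the saved-from check is the one to run against the fetched HTML when the signature does not tell you which URL the page was cloned from.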
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  process      description        ioc
  msedge.exe   Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe   Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe   Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  These reads are made by the browser process itself; no process under the control of the submitted page touched the registry.
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid   process
  3660  msedge.exe (2 entries)
  2180  msedge.exe (2 entries)
  3064  identity_helper.exe (2 entries)
  3968  msedge.exe (2 entries)
  3392  msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   process
  2180  msedge.exe (6 entries)
  This is the browser process creating its child processes with the "block non-Microsoft binaries" mitigation policy, a hardening measure Chromium applies to its sandboxed children, not a sign of injection.
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  2180  msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (12 IoCs)
  pid   process
  2180  msedge.exe (12 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Source PID 2180 (msedge.exe, the browser process) wrote to the memory of its own child processes:
  target PID  target process  entries
  4924        msedge.exe      2
  3124        msedge.exe      40
  3660        msedge.exe      2
  1828        msedge.exe      20
  The targets are the crashpad handler, GPU process, network service and storage service listed in the process tree below. A parent writing into children it has just created is how Chromium hands startup data to its sandboxed processes; no write crosses out of the browser's own process tree.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2180)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://east.linktbon.click
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 2180 (Edge's normal multi-process startup; the crashpad annotations show the image runs Edge 90.0.818.66 on Chromium 90.0.4430.212, an old browser build, so rendering behaviour may differ from a current browser):
  - msedge.exe, crashpad handler (PID 4924)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe23143cb8,0x7ffe23143cc8,0x7ffe23143cd8
  - msedge.exe, GPU process (PID 3124)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,12035981795381867814,7836532163016342217,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  - msedge.exe, network service (PID 3660)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,12035981795381867814,7836532163016342217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe, storage service (PID 1828)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,12035981795381867814,7836532163016342217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  - msedge.exe, renderer (PID 4224)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12035981795381867814,7836532163016342217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1
  - msedge.exe, renderer (PID 2640)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12035981795381867814,7836532163016342217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - identity_helper.exe (PID 3064)
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,12035981795381867814,7836532163016342217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe, UtilWin utility (PID 3968)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,12035981795381867814,7836532163016342217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe, renderer (PID 4628)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12035981795381867814,7836532163016342217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  - msedge.exe, renderer (PID 1660)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12035981795381867814,7836532163016342217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  - msedge.exe, renderer (PID 4404)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12035981795381867814,7836532163016342217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  - msedge.exe, renderer (PID 4384)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12035981795381867814,7836532163016342217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  - msedge.exe, GPU process restarted without sandbox (PID 3392)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,12035981795381867814,7836532163016342217,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4556 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4668), top-level, started by COM activation rather than by the browser
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3048), top-level, started by COM activation rather than by the browser
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Every entry below is Edge profile state written under C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data during the run, plus the browser's crashpad named pipe; none is a file fetched from the submitted URL. Files listed twice (settings.dat, Network Persistent State, Preferences, data_reduction_proxy_leveldb\CURRENT) were captured at two points in the run with different contents.
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: ae7fbf62fc07f0bdb15169d2de3dc768
  SHA1: 9155eb973df31a7d6fb95f03058dd523171b4f0f
  SHA256: ecfebc84b01ed9071cc68bc2abc4eae4f891e1dea41a16ea6010f7acfd6cc624
  SHA512: 1539bd6c522e56685399616d9811435ff0197c9471404361c53370a261feb180a38aaec9aacd38ff52c94b2cac2e4da19a3de50a9b6541f6f3fd0497bf15bcae
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: a5e869975d65ad786022d6fc8b47b747
  SHA1: 14b030f53bc86bdbec766b2f3942804ca742043a
  SHA256: d5f8f63c67fd06a2ae7da80cbe8cc96bab5932087eb70432df9147ba818d758f
  SHA512: fd8d2b8ce13f4aca312f4856096edba99310a78a5f4c4148046a06e873a3d2514fd2dd9b4515fc89e83306d251929f2ef9c78863f85a3e017a3029dec63d98dc
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 192B
  MD5: 279855afabaf481463aac9e305af7d24
  SHA1: b6ca5dd651cb12c200adaac4c72de0c109615ae7
  SHA256: 984963389810918ec7f3647aeed1c6e41f34b5c8725da774309ecc43ee350e82
  SHA512: 82bccb1788b4226e972f68ff77614a85071f92650824a305ab24aa5b00b855d5837f3949bbd59501c9631723d4307f7000462ffcab63b1b36c0cb19cc838653d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 338B
  MD5: 4588b412ebe49a5fde0062d776bb1339
  SHA1: 9d0afb7973b977cc4c2b590b9e3207dc7e7b6899
  SHA256: dbc9c718dd1ff05c1beab850829b2a51c2f56cd0efd605fe2aa7dad36ea6ea68
  SHA512: 88c6de596c9d83cff47753b0b2ba7e09674950c42d34f7981af6d4532292059d77f6a9788a9679b59009fea474e7673b0cdc0684fb2f1bca4250358ee7d09af5
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 8310fd4ed32a6220e80d0664b3605b0d
  SHA1: 8cb92531d7815d0a81e60b64315504eddef90b85
  SHA256: 6df45b2e81f76ba966909a82f1fdeb6e6db6287a9c0cb4cbbded12ddab6fcbed
  SHA512: 38f33a36d1b9dd2259e3273cc6041d0d73ef2ab261ff2262b5f9b426f1e281cd63e38d475155dafb01af1c86462ee67fe6ee5fe789bf64e37079cf1f4f6ab0fe
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 9d64db878c02802060466d765579bd03
  SHA1: 970704fa50ee4381db9c07ed104f651983288b3b
  SHA256: 1deef059403b1ab72794b322a48299a3d60c1119c76a56b12a494536df47b042
  SHA512: a0bfd48983478f81817ac71cd5a4c9c511ad2a26416b6fa6b4da63e25b2fd72c0086657cbf3aa1dd85f7ade223f149b84501ac859692050aeecc7abe190138ec
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 12KB
  MD5: 83ce11b2ce183173274bd6a3cb830770
  SHA1: 05d7dba9b41309c2804d19defdba0f556859efe0
  SHA256: fbbeb589e21e928a0b3b78e473d2d5f6eff0ffb7f15564e27849e5f255fbde8d
  SHA512: 6bdf8d931cc7f09deede189cac4f8e0df30b2c9ff5d59aa13f7022ced5aaa3d94c5e1728afe48f4dc5499eb716551be755c9d4274abee939d190d6913c432780
- \??\pipe\LOCAL\crashpad_2180_NBJWRODWIOCJYUOP
  (named pipe of the crashpad handler; all four digests are those of zero-byte content, so nothing was captured from it and they are not usable as indicators)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
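Added example, not part of the sandbox report: a Python filter for a Downloads listing of this shape that separates real dropped files from the noise an analyst should not pivot on. It recomputes the digests of zero-byte content and flags records that match them (as the crashpad pipe above does), marks named pipes and browser profile state, and returns only the remaining SHA-256 values for threat-intel lookups. The first two records are copied from the listing above; the third record, its sample bytes, and the list of browser-state path markers are the example's own assumptions.

```python
import hashlib

# Digests of zero-byte content, one per algorithm the report lists.
EMPTY_DIGESTS = {
    alg: hashlib.new(alg, b"").hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")
}

# Path fragments that mark a browser's own profile state. Assumption: a starting
# list an analyst would extend, not an exhaustive catalogue.
BROWSER_STATE_MARKERS = (r"\Microsoft\Edge\User Data", r"\Google\Chrome\User Data")
PIPE_PREFIX = "\\??\\pipe\\"

# Constructed stand-in for a real dropped file, so the third record has genuine
# non-empty digests without shipping any binary.
SAMPLE = b"MZ\x90\x00 constructed sample bytes, not a real file"

# Records: the first two are copied from the Downloads section above; the third
# is constructed to show how a real drop would be classified.
RECORDS = [
    {"path": r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat",
     "size": 152,
     "md5": "ae7fbf62fc07f0bdb15169d2de3dc768",
     "sha1": "9155eb973df31a7d6fb95f03058dd523171b4f0f",
     "sha256": "ecfebc84b01ed9071cc68bc2abc4eae4f891e1dea41a16ea6010f7acfd6cc624"},
    {"path": r"\??\pipe\LOCAL\crashpad_2180_NBJWRODWIOCJYUOP",
     "size": None,
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
               "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"},
    {"path": r"C:\Users\Admin\Downloads\statement.pdf.exe",  # constructed
     "size": len(SAMPLE),
     "md5": hashlib.md5(SAMPLE).hexdigest(),
     "sha1": hashlib.sha1(SAMPLE).hexdigest(),
     "sha256": hashlib.sha256(SAMPLE).hexdigest()},
]


def classify(record: dict) -> dict:
    """Decide what one hash record tells the analyst."""
    path = record["path"]
    empty_algs = [alg for alg, digest in EMPTY_DIGESTS.items()
                  if record.get(alg, "").lower() == digest]
    is_empty = bool(empty_algs)
    is_pipe = path.startswith(PIPE_PREFIX)
    is_state = any(marker.lower() in path.lower() for marker in BROWSER_STATE_MARKERS)
    # A non-zero size next to empty-content digests means the listing is inconsistent.
    inconsistent = is_empty and record.get("size") not in (None, 0)
    if is_empty:
        verdict = "no content captured (digests of zero bytes); not an IOC"
    elif is_pipe:
        verdict = "named pipe, not a file on disk"
    elif is_state:
        verdict = "browser profile state written during the run; not a downloaded payload"
    else:
        verdict = "candidate dropped file: pivot on its hashes"
    return {"path": path, "empty": is_empty, "pipe": is_pipe, "browser_state": is_state,
            "inconsistent": inconsistent, "verdict": verdict}


def triage_downloads(records):
    """Classify every record in a Downloads listing."""
    return [classify(r) for r in records]


def pivot_hashes(records):
    """SHA-256 values worth searching in threat intel: real files only."""
    return [r["sha256"] for r, c in zip(records, triage_downloads(records))
            if not (c["empty"] or c["pipe"] or c["browser_state"])]


if __name__ == "__main__":
    for result in triage_downloads(RECORDS):
        print(f"{result['verdict']:<75} {result['path']}")
    print("pivot:", pivot_hashes(RECORDS))
```

Run against the full listing above, the filter leaves no pivotable hash at all, which is the correct reading of this report: the indicators are the serving domain and the lookalike relationship, not any file the browser wrote.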