Analysis
-
max time kernel
114s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
17-04-2024 00:09
General
-
Target
https://myapplications.microsoft.com/?tenantid=0fb730e1-89f1-4035-ae89-d327c0f1d87b.
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://myapplications.microsoft.com/?tenantid=0fb730e1-89f1-4035-ae89-d327c0f1d87b.1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe322346f8,0x7ffe32234708,0x7ffe322347182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,10884134830493336625,13067672615444173813,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,10884134830493336625,13067672615444173813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,10884134830493336625,13067672615444173813,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10884134830493336625,13067672615444173813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10884134830493336625,13067672615444173813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,10884134830493336625,13067672615444173813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,10884134830493336625,13067672615444173813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10884134830493336625,13067672615444173813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10884134830493336625,13067672615444173813,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10884134830493336625,13067672615444173813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,10884134830493336625,13067672615444173813,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1960,10884134830493336625,13067672615444173813,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3344 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5e36b219dcae7d32ec82cec3245512f80
SHA16b2bd46e4f6628d66f7ec4b5c399b8c9115a9466
SHA25616bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b
SHA512fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c
-
Filesize
152B
MD5559ff144c30d6a7102ec298fb7c261c4
SHA1badecb08f9a6c849ce5b30c348156b45ac9120b9
SHA2565444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10
SHA5123a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04
-
Filesize
192B
MD5be5b27782891029754b0d512c307df72
SHA1f608d1fee6c5d918568fe614a94a96a41f00c129
SHA256861b6c1b5f58ac4ef6a5c6ade259c5470d953aab77174355ed38a384e15b52e2
SHA512cb236f543a9667ecaf26f9fdd3e859e5808ab06480e7e5bdd7c66a02cf407fedbeadb932cfd489b37fd3943954a37257aaa26a937f13bd3c7073ec7af8833238
-
Filesize
362B
MD5f79fc2f6212b54cd0f81605dec640d2a
SHA18c9269a447eb401a7144ba0b08f07047d7aea551
SHA2565b46d1b218999700324884f4e2e2af8987c0d534cf2873f164e5c2a4cf0a2371
SHA512a624ff9ed2b46f4bca35b66837d89d8aa57221637894f11ff32072ca7d179270d6f16b026bb4096c41db2e714831ac0aa95a9b3404d1a6bcfd1ec98be4b17e1b
-
Filesize
362B
MD5ca4f146699ed2a1bee1c90c53fe5c333
SHA1537b55da4632b1149bad7a7cf412709a688500f6
SHA256e9cb76c3e4f9f45f7f67a7c3d9f70cf00f396d5777594727e1aea1112a07c6cb
SHA5121221bf985cf39884e6f8084796c19e799ac3b81274c67caa1db8e2725ef1d483a1ab6a4e582bbfc9d76d162c5d69990eda2f50f097d41072ff5ece3a63d3f83a
-
Filesize
6KB
MD53aa71e3ae2a830ad39cd2b4def7a94d2
SHA1a98c702951e7ea25affb3904878997d628b75354
SHA256e32d314cda106966625dcefa6a2db4dd4319ed705e4e0c260551801a805db87b
SHA512e4f3cfd03b9c43f5818233ea0540741b2db842a69566f64c4365529c1bc77a6891cb056dde5612a6af1f2619dfa8e375bab08756f5ffa4d21042ad8f205b87ab
-
Filesize
6KB
MD5a31d802a25ed4c31327a90007e326690
SHA195f5610823c81faef26a56d1a876b5d305fd9a2f
SHA256c29795ade8ffbef362d2f670311a0f9803ebe2f86140227a6242c1dcfab339b5
SHA512656be52b44cf4121eeb868c4a96f7a1c2e6bf2e29c219b1fcfbf07726d9520b4e9f4175f405eb784b1b855d7c1cffef78785ec53e7b481f144fa09ffc29199ef
-
Filesize
6KB
MD55f13da80e8676d8165240acf091ed0a5
SHA16501602c54305c480fc3130ffaa4810e7a0c8030
SHA2569916605d14d88970ab0a499d042f1979dc8817ab4de7265513d1d94bdb49c3dc
SHA512715df317bac043ba48eee2feccf5f96ed6e3c14993da55599d9e8f30502d0436ebdf69b2db0239476b90b889c75382ffa8f96cfa35c5300de7f71925ef703da1
-
Filesize
6KB
MD510ed1dbf254f7b2c6d69ee066ec0ae87
SHA15244414c5c4511e165624ec51af609d8e01f98dc
SHA256eddaad32a3c59282ba8403db96b45062d8bd8ee39b6dae6c16cfcb31c3bea2b0
SHA512fbf254350b5c04b2e7b4b2d872dc4e6efabca14c1faebdbf1984d3e8a7b4afd72f53c9f2f2038622fb5f38bc083faccd22aea556aebadc280c8b4a2971ec450f
-
Filesize
6KB
MD55f4d64875c2c0b51af069d4b69102d0e
SHA1474f5627ece9e990bf78823460bec8f8c3df266e
SHA256d80989c75d59b03e4b424c87fc243156c422c76aeec7a61314c7a8b2326ba7d8
SHA512cd0006dd02c9197041b6bd63f037c52adac9cb6c9fce033748046a3b032d35d717ecab004c02287abf4a5965572ea4c178dd1e7f1f1bfc948e11bda817d469fd
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD510fc7daff2240c5055f2bc47b500d23f
SHA1d99295a55d78465cb993644cd471d849d0ccdaa3
SHA25683b1272b5429f9c647d0fd60c728127a445abb9b15a54230b0dd2d039f83dd1b
SHA512ef20d25697125f3abe4241cbe438373702e50238f41553d59d70a351dbcc6405c7bc68c8a968618974d2684656b241c5d95aa467c044b47b71268b93751687a1
-
Filesize
12KB
MD5ea5875bc927497e9539664d6f545dbb3
SHA16d4ac74169c8ecb2e5799b33db3f335d83e7e61b
SHA2565039a09c9264ab8104b2fa12971d401c2081fea45c9b430ee97ebf0064ef4c10
SHA51245d603d09ecb13f70a5423f00a0f5c46cc08083759cf45e383fa2fce6fbf4e958b1afc8597a4bc0d7c259eb64837c1c67c69474c306c9eb686191fba6006b55a