hxxps://spikenow[.]com/collab/?id=wC53IeckJN56yFHc6w4RQfaJ4V0Ggf1fRqNj9IHLCTg

Analysis

max time kernel
54s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://spikenow.com/collab/?id=wC53IeckJN56yFHc6w4RQfaJ4V0Ggf1fRqNj9IHLCTg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
344	msedge.exe
344	msedge.exe
4852	msedge.exe
4852	msedge.exe
4028	identity_helper.exe
4028	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 4488	4852	msedge.exe	85
PID 4852 wrote to memory of 4488	4852	msedge.exe	85
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 1464	4852	msedge.exe	86
PID 4852 wrote to memory of 344	4852	msedge.exe	87
PID 4852 wrote to memory of 344	4852	msedge.exe	87
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88
PID 4852 wrote to memory of 1396	4852	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://spikenow.com/collab/?id=wC53IeckJN56yFHc6w4RQfaJ4V0Ggf1fRqNj9IHLCTg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7fff779646f8,0x7fff77964708,0x7fff77964718
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14001862998097024308,1883948292642329179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
483de3f88492366955824541b88cdaf3

SHA1
a807d7c49991b24453f3d6f891d1b4c90730cc79

SHA256
0d4d184d8213ecb60ec4416a947e75741fa5e634e0be27f5f2d46a1e840895b0

SHA512
26587dcc042d56eed311b8426a40f791e392c40d3d62dc81e5979d84d472689e594a935e0ce334efca70b5d380869d706b222d1644f9fa8cde34eba9522be49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed6bb3e697f2239f0cda62f24f4e7ffd

SHA1
66e2b1032fccf761897f1eccf271b9c5f8f4306c

SHA256
79d626d27b30f7f7319e46ee48c0923202a112e846042d39f6c8f21cf5828cdf

SHA512
dd97c8e7331d73271c669335cf5a3abec6b8114f6dbcc7af9dbea9fa432b15e25db59929f3f0bc389c4e1cf4cbfa6cb477fbb28477bbfd2faedb1cc0393e2d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
427d3d6a764777ee6b67747668a8e5dd

SHA1
ad374c36a99fed3f2d584822074bf1e3c55677db

SHA256
d16e7f06d92d79e4e35f6748bdc05ddaaa77e0ee85efd3e5050ae68c7df22c31

SHA512
f9257e35432b68daf99d4ce1eeafd76cfb726e5553ba258e1ab06dd51a3650c0268f75938e1aa3e205daed0d4165579f7f3b1395ef1731637f53a1a3d76977c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
eb956a8406b39e5a68bcc3f3b201b267

SHA1
0619f45507d331e2dc2e5abf51adefc48caeb04a

SHA256
b1469f039ece91c53805eb57ed909126a4e174ef7d469def914fcc69f49b89cd

SHA512
37499dedf80b131c0327dbf50513bb591ee4f7c5f99b8743718245b70e53ac636fec38b58ff14b24eac65f54aeede5c879bd18fd86cd652732142e642a18e2f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
8e41b0cd24c947ddcd14ca5e199cd6af

SHA1
b2434124f3f2e453146194c728e79a6ba9aff7f6

SHA256
1747cd6cdd8d24bb501d3da656bd8191b77452497f94c4a46f911c15af8593df

SHA512
c93063cc34d9a6e4a1b14a59e2717bab1da041e782b327be34bf411ef18bf4e5b17b54b84beae2a99dc0f8df2c792b615cd99230006796b307926630d4b85c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b67f.TMP

Filesize
706B

MD5
905fb9866aa5c2b5e28147db45b789e7

SHA1
3621557ac436447bc2b92f757b900556a4c6a3f0

SHA256
1725d0ffe2edaddb397d1e8889e5b9185b58cf32da01f1266eebe701e7392b5a

SHA512
cc9de891322f5cf0715c29157fd7e8ec1406307abe2f85222c3b1d6509597c2aa61f934cf66418c918331d86081d17574984e9ddc9c1040a745ea0118bd009dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3c3c4b6413da12091988975431586884

SHA1
3d3e186369727a7569bbbccb88d7e3bfeb74dcfc

SHA256
a47bc8140ec6f69a925aa4dd438c00635486871b855b9ab615bc0d569631dd0d

SHA512
2fba0828672444319f2aad4d18b9ec68f7d6f5d9b9f991837b1f840e3fee1cd18529ebefd9a798c4c3b5f773a8b1f7895d7da3466dfb85b95eda00be1fbc4b0c

Download Submit