hxxps://burgerboy[.]straw[.]page/

Analysis

max time kernel
101s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://burgerboy.straw.page/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3220 wrote to memory of 4908	3220	msedge.exe	114
PID 3220 wrote to memory of 4908	3220	msedge.exe	114

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://burgerboy.straw.page/
1⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4024 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
1⤵
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4856 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
1⤵
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4564 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:1660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5540 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
1⤵
PID:2312

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\e4f4e3d4256d42308fd7d4331569bf02 /t 4008 /p 2984
1⤵
PID:3084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault5d91986bh5848h4ffdha0f6h3bd45067c728
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x258,0x25c,0x260,0x254,0x274,0x7ffe8a832e98,0x7ffe8a832ea4,0x7ffe8a832eb0
  2⤵
  PID:4908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
5f4c0ec17f2c54f8cf25c5da72652366

SHA1
9d12c50815d1647da129e7a1aacfbca764e63e65

SHA256
b52b140b9e02990d8abb31c6e65abab11ad58315c0e40187d8b3b41fd823a4ae

SHA512
3aceeb30cbf2b8e9eee6da0d630af24307fd501b8c56541a2134934f5bd1d68bb86f0be36eb3fc9503fe1240ffb1a11174dd2213de2dd4e092ebaf919acd5b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
37KB

MD5
151ae87b22a2895eceb6e0ad6c6a9098

SHA1
dc40611dfb3b3c833af33c7a555587540a41451b

SHA256
aa37e4c54166ce0958b36926d7a9e9d3a0eb2acb8d639135a433a545d4baa4f3

SHA512
3fe84417dc601f8061876e3f5381c4feeeb844d99e110919dac0981e80f0450df1fdea557cde5bab66c16967afd7f8b6acd56d5a6e55778b4e4ce23d84ea7af7

Download Submit