hxxp://37[.]48[.]224[.]34

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://37.48.224.34

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1308	msedge.exe
1308	msedge.exe
1616	msedge.exe
1616	msedge.exe
2092	identity_helper.exe
2092	identity_helper.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 3104	1616	msedge.exe	86
PID 1616 wrote to memory of 3104	1616	msedge.exe	86
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 4852	1616	msedge.exe	88
PID 1616 wrote to memory of 1308	1616	msedge.exe	89
PID 1616 wrote to memory of 1308	1616	msedge.exe	89
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90
PID 1616 wrote to memory of 2504	1616	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://37.48.224.34
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9142646f8,0x7ff914264708,0x7ff914264718
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,4306845909701969767,12620456065862740317,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,4306845909701969767,12620456065862740317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,4306845909701969767,12620456065862740317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,4306845909701969767,12620456065862740317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,4306845909701969767,12620456065862740317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,4306845909701969767,12620456065862740317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,4306845909701969767,12620456065862740317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,4306845909701969767,12620456065862740317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,4306845909701969767,12620456065862740317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,4306845909701969767,12620456065862740317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,4306845909701969767,12620456065862740317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,4306845909701969767,12620456065862740317,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
9742a2a9ceba5b099c2db8bfebb79599

SHA1
ee2c4eabf561630832af44e99b0f979ef15efe53

SHA256
27156990e51b0e3c186d05a8a7411ef6534103d04b0649febb78d99edad27492

SHA512
0a38dbbc0f695028162365dfa70e36cdffcf0e7841c2bb46bd11e387bc2946ecb74b6c7b4cf7b529f2f08bf0a4129b502326caab323ccfa5a19cb1ad551092ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
505B

MD5
266bed4a85e3a9ac43b3bb854c9126e8

SHA1
5dae66bb6bddd7c451c64bbe4e236ece35fd2f54

SHA256
eaceec80ba01787cec67dfb65afd284a74469d5eaa20ae7f7604e4afb4e5e68c

SHA512
2bb9ad0de371b4010cacc7baf295548e1be9569e882ea1244106a230f23366e803753d8e5b05ad425e3cb7f73949152686f8ac244b1fbe786c0a74fe0518e726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9555eaff276c307823fdd88e04360487

SHA1
3d69b15ab311b72d7a7dbff1af715208d1bfa153

SHA256
5a1c489dab4756eb0271e5612a805a9e5e0de1c4e2642dba75b35d3740d41e57

SHA512
09831fcf43095cb894627adb433aa11c85e57649000acd84f8c90dd43a6ba522a2612c7d3025bcea4f6ce17c4ac608ec13bd827ee04793e143d84031151481f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53ecc53b06beeb33b546e353c8b6afc5

SHA1
643e9a8a53877fff06511a4978cbdf3c21be27f3

SHA256
f438efa7328315e86f840bd8264e73d23a9c289490efdb72f55c3a3dbed527b6

SHA512
ae3dc9172cd3542c86aa4196c7cd0e821bac6f6b9984528fa5df658dc4af4704f3f851be40f5ea196f64354d6f147db4026e024c0c52a3fc067da46911154d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3bba229dd7b8fc0ab87dd8ead0208d5

SHA1
409535589282f75c1065f0d8360a2a7677c57776

SHA256
f6704138a67387f28869e52120c8c489e14b15558d91c05e93e445a2ca83f204

SHA512
bedd2fd675c477a58ba16c7fb61aade0cb07563875a323256256fcf4efd388eab00f4a050dfde70f8bad1528abdef331f202cd6217825c7ed74889ff924b1a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8390543af2b112a546bee8a628a5a7b5

SHA1
5eca273dc23e9d91bf5324e61c628ed6ea8d7b91

SHA256
2b62e79e9730c46c50ec936f13c08da293e986e9f453e3451b596413750d3883

SHA512
9c0e6992088c98c4485b3f400ad030433956e6d8fe4cfefd5b0f6b2710c98107c35cd6c11a4ee923b928dd7169ae98a92d417e7740ba8eb8b9484a72e7850952

Download Submit