Analysis

max time kernel: 30s
max time network: 34s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-04-2024 06:37
Static task: static1
URLScan task: urlscan1
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
description         ioc                                                                    process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)
Processes: msedge.exe, msedge.exe, identity_helper.exe
pid    process
4640   msedge.exe
4640   msedge.exe
3432   msedge.exe
3432   msedge.exe
2148   identity_helper.exe
2148   identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
Processes: msedge.exe
pid    process
3432   msedge.exe   (this row is repeated 8 times in the report)
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes: msedge.exe
pid    process
3432   msedge.exe   (this row is repeated 25 times in the report)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes: msedge.exe
pid    process
3432   msedge.exe   (this row is repeated 24 times in the report)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
description                        pid    process      target process
PID 3432 wrote to memory of 3664   3432   msedge.exe   msedge.exe
PID 3432 wrote to memory of 3464   3432   msedge.exe   msedge.exe
PID 3432 wrote to memory of 4640   3432   msedge.exe   msedge.exe
PID 3432 wrote to memory of 5076   3432   msedge.exe   msedge.exe
(distinct rows; the report repeats each row, 64 rows in total, all with source PID 3432)
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:AP:44f5bcba-feb1-4bc8-b7c2-96cdaa656237
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff981f946f8,0x7ff981f94708,0x7ff981f94718
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14851583512013967629,16270611490243551692,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14851583512013967629,16270611490243551692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2616 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14851583512013967629,16270611490243551692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14851583512013967629,16270611490243551692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14851583512013967629,16270611490243551692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14851583512013967629,16270611490243551692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14851583512013967629,16270611490243551692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14851583512013967629,16270611490243551692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14851583512013967629,16270611490243551692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14851583512013967629,16270611490243551692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14851583512013967629,16270611490243551692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14851583512013967629,16270611490243551692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
-
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14851583512013967629,16270611490243551692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
MD5: e36b219dcae7d32ec82cec3245512f80
SHA1: 6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466
SHA256: 16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b
SHA512: fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
MD5: 559ff144c30d6a7102ec298fb7c261c4
SHA1: badecb08f9a6c849ce5b30c348156b45ac9120b9
SHA256: 5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10
SHA512: 3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 864B
MD5: 53fb58d4e5605d179cd1552c37d27b7b
SHA1: 73d23b0343d7a76c96f7541777676a8fc541bc22
SHA256: 280753517f94964c5808b3df6d14f1bc39733dd29074a18fb9a2e4f970a9b5c5
SHA512: 5d105ed24ade3ebde98223b90c99d42c7abc1cd501478ddec165ecba8a7de1750510bab02705f266cdf8a3e3df5f7df82ecd03740b80a21d4f2872171d9a7d45
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
MD5: d4067f713a54df8a2ffdb154920eedfb
SHA1: 22e6227e975ed9e1210ec8e5ba847124efb9e246
SHA256: a18f552068d8bab72be6e36e37fab698c05a3b0a446a4b13d8183db01c35fc79
SHA512: 1181765df9f936bf5dfb027c494da75bda9fc1c8116338a6debed324bacdefd8c021d24fa5853c94582c227e95eb1d0e6074d32ddc9e21ee7761b0f94c6f0a2a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
MD5: 5e2ad83dcf8a5434eacde54b7cd7510d
SHA1: 74f15b67f488f55e1c58012808c22d35221bbb2e
SHA256: 52bc0cd0622ea9bc6b40a0adc304ee47a6f246ce03eff51ac40bb1280f24a1c0
SHA512: 14aea7c4977cddf09dfe69b403673bb1db9aabef47dd75b85cd13e845c38f554157adee7459a627ccc3394d81fb10571b02d88e6ae5bd0e9c2b23aa69bd3a3b9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
MD5: 4a99efbc33c83dc2901bd8044ce6787c
SHA1: 7b6eaee459486d0dc743daea67f7c701481a80b0
SHA256: fbeab04fd92178e4c7aa686b395a03671d20eb88f524177f2cfc81fdca13c493
SHA512: de88367ed818929cb83feaaf5977caf9dbdb3afe3514fbb5a0286e0bb5cc2395b1809792540d24d495debf8478bd6306a484d799864ddf8c34107577d1017e3b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
MD5: 1b900e7f0418583de5beb3f87bc5819e
SHA1: 8afec941f710be4f8f442e3673fa60d5035366f8
SHA256: eb0945b1e5b0727427ffaf1771b460e71d6a7ad7b39a80d80b2698822a19b65f
SHA512: 22b83d1bbc8d8f8e1b3a997ce2fcb26236dee96fd0081d67e992704ba2ed5a2585ddbc1ae25fd321d93d7a991e68f285b7f098ec37edafc8beb16df26e18fed0
-
\??\pipe\LOCAL\crashpad_3432_OTLPEHFIGSWIZXDU
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e