Analysis

- max time kernel: 51s
- max time network: 52s
- platform: windows11-21h2_x64
- resource: win11-20240419-en
- resource tags: arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 29/04/2024, 10:15
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  Sample: http://digltal-authenicatlo.digital
  Resource: win10v2004-20240426-en
- Behavioral task: behavioral2
  Sample: http://digltal-authenicatlo.digital
  Resource: win11-20240419-en
- Behavioral task: behavioral3
  Sample: http://digltal-authenicatlo.digital
  Resource: macos-20240410-en
General

- Target: http://digltal-authenicatlo.digital

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

  description         ioc                                                                     process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)

  pid    process
  2932   msedge.exe
  2932   msedge.exe
  4452   msedge.exe
  4452   msedge.exe
  4508   identity_helper.exe
  4508   identity_helper.exe
  3552   msedge.exe
  3552   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (12 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4452)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://digltal-authenicatlo.digital
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2724)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff058b3cb8,0x7fff058b3cc8,0x7fff058b3cd8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2576)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1740,15513426972670884613,14050466344647279286,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2932)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1740,15513426972670884613,14050466344647279286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5096)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1740,15513426972670884613,14050466344647279286,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 124)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,15513426972670884613,14050466344647279286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4032)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,15513426972670884613,14050466344647279286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3912)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,15513426972670884613,14050466344647279286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2012)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,15513426972670884613,14050466344647279286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 4508)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1740,15513426972670884613,14050466344647279286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1008)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,15513426972670884613,14050466344647279286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3964)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,15513426972670884613,14050466344647279286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4108)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,15513426972670884613,14050466344647279286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3552)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1740,15513426972670884613,14050466344647279286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4240)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1740,15513426972670884613,14050466344647279286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

- C:\Windows\System32\CompPkgSrv.exe (PID 2704)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 4784)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads