Analysis
- max time kernel: 18s
- max time network: 19s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-05-2024 06:42
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://adprode.com/autoeichhorn/Perso.htm
- Resource: win10v2004-20240419-en
General
- Target: https://adprode.com/autoeichhorn/Perso.htm
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  - PID 3332 msedge.exe
  - PID 3332 msedge.exe
  - PID 736 msedge.exe
  - PID 736 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  - PID 736 msedge.exe
  - PID 736 msedge.exe
- Suspicious use of FindShellTrayWindow (26 IoCs, all PID 736 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs, all PID 736 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs; PID 736 msedge.exe wrote to the memory of its child processes 2944, 3824, 3332 and 3120)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 736)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://adprode.com/autoeichhorn/Perso.htm
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2944)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf95b46f8,0x7ffdf95b4708,0x7ffdf95b4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3824)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13488377031005511350,17953822346077646324,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3332)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,13488377031005511350,17953822346077646324,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3120)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,13488377031005511350,17953822346077646324,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2280)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13488377031005511350,17953822346077646324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2224)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13488377031005511350,17953822346077646324,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 2104)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3528)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (168B)