Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-05-2024 18:53
Static task: static1
URLScan task: urlscan1
General
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process | occurrences
3692 | msedge.exe | 2
1356 | msedge.exe | 2
2864 | identity_helper.exe | 2
2508 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid | Process | occurrences
1356 | msedge.exe | 7

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process | occurrences
1356 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | occurrences
1356 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | occurrences
PID 1356 wrote to memory of 4476 | 1356 | msedge.exe | 82 | 2
PID 1356 wrote to memory of 4280 | 1356 | msedge.exe | 83 | 40
PID 1356 wrote to memory of 3692 | 1356 | msedge.exe | 84 | 2
PID 1356 wrote to memory of 1992 | 1356 | msedge.exe | 85 | 20
Processes

[depth 1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1356)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://learn.microsoft.com/en-us/windows-server/networking/technologies/network-subsystem/net-sub-performance-tools
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4476)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4280)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5847667844264584711,7591166176738298862,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3692)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5847667844264584711,7591166176738298862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1992)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5847667844264584711,7591166176738298862,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2984)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5847667844264584711,7591166176738298862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1964)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5847667844264584711,7591166176738298862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 812)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5847667844264584711,7591166176738298862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2864)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5847667844264584711,7591166176738298862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2748)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5847667844264584711,7591166176738298862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3460)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5847667844264584711,7591166176738298862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4572)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5847667844264584711,7591166176738298862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 400)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5847667844264584711,7591166176738298862,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1520)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5847667844264584711,7591166176738298862,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2508)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5847667844264584711,7591166176738298862,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

[depth 1] C:\Windows\System32\CompPkgSrv.exe (PID 8)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

[depth 1] C:\Windows\System32\CompPkgSrv.exe (PID 3764)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads