hxxp://indikv[.]com/jr[.]php?gz=wcX5tWvVepq9EG6478DObH49fkdXNzRLakFsem93akk4NFNhZ25WRit3MTM5WGU1ekw0aWdTc0pGeGYwOWc3U0hQbDM4NXl5UUVxcTNDRlVQYnhIak9pVXRSV2pHUERnT0g1YXFnWThHRzZQN2RCUDR4L29NcmJzVzA4dFJwQnNac2I5SCtyTzBqRUJ2U1pkS3JRcVJPS3NyM0ZWbWtEaUt2VjdvTVduNGNaMENkSFRkZUgyMmJuYkUxd2YzaWxOTlhqa2FjS2xORDV5Y05MN2toUnNGbHZRNWljenk3SnhOTko3OHVUeTdNL3drb2IzemhUWEpLaVBBRk13SEpQU2tobS9hUUd6VDcvbW1Pa1IzYlBuK2Y2Ymt1ZnlDUnJORS90dkQrMWVPY1hBOUxHTGR3YmhZcU44UnBheVkyVkJVdytDWG5mY0V5aTNLVGRKRVIyeDlJa0E0UU14bmttQThLQVV5Vm5jU0FsY01HSTlPa3ZBa01Ka1pyWUU3NGt0ZWtrK2J2SXJxRnNwQ2R1VStmVEVDQkJyUEcvWkNrczJ1Zmx1T0NoamtWT1MrdVhsQis0S1RzWGRNSzNJN1lmZDhueUp6Uk5iWW5TaFBoeklmS2pWYmRMNDNaQ1VvNDVwMU9nZ2s1Q1lZV3N5K3hTRVFoZWdJUXhZamRsNmhqN0t4UzN4Q3NwdWQrVzhCT3hzMjVva1Avc2NVRUY5SlVSQ0FERWc2LzR2bVpZeEVEUmlCYjhxbzlTcXVwRUphNmdZQXA2OGZIcUdkaTFSV2JDLzg1SklYaUVFM3FFOWNnaHl0VUpZMmh5WmtYTENybjRxbW1kSWwvWXpLaVkrbzZrRHZ5OVpzZmY0blgrbS9iNFM5TmVpWU5XdVpLdThVMGxnT25ITm1xKzQyUFArU2dpZUFsaXlGbmNJcHRaNlR6cjVCOG1ORDBnekRaRStUclJYNkVPbDNNRmFLc1dCclVqMW90dUVxdGp6bDc1QWpNR2VkS044Q3VtVGJZemswcDdLY3dlbWgxakh0NzA2TVhETmtGbmc2L2hVbmxZWXFjakl2dHlKSTVPN0xSbEw4LzQwSlJ0V0piN0M2OTZMSlZqRXNHYnp3elZmUHU1WFRsLzdpYnhCQ3NkTzlSanhDSFA1R2RTMnVsV3BlZUdBUENtMmh6b1N1amlabkdPWW1OZmNJL2N3anE5eUxmTTFudWE3dlFWRS81T3hmY0RKZ0dJYVBzNmh2SDJwdkh2U3JjYlM1czFoVzlWYzdQVUI4NC80REJpeHU1UUVOTlZqMG5UbGg5Z1dmTW9BL2JiTjZXdmQzRDZFRjNyYVpXb0tQSThhajRnT0NrTk5sa0pJMTBiTC9XME14U29aTGd6RGU4Z3BqeFRyQlhWNHBkZHRtbzNyTVFVKzlpYVQ2cWhGZ2Y2M0ZzNVN1OEtCcm4zU1JIN2w5THNJRlU3NWtkcmZjMDB1SWgxWVExT05qY1NQNlUrYnZrVW5RT2dSOVpLWlNHODNVWEhuUTZ6c1NhYUxmc2c5TWFUQjR2SHZBUXVhTGxtRVg0ZmVNelFEMzk0V1loRlhLc3FXd0c0V3I2Z0FLQ3NWOG4yMVJLZytlQ20xUWtPMkNFcCtScEUveG5XbUczT1ZGeHptc01aWWV2Q0VtTThZdExqRTlsZ1h2RUJLckVjcmhSRmNHZCtmYUtoOHVFTU9OL2VwU3FrUlpnZVJYZUFScnpPYmVVYU5DNDM0SWNRenBIbXdLQnp5dEorY3FCWnpMajdHbkdHN0JCSnFnVk9YSFIxNkFMWjQxN05hYk5rQW9DcUpoaEJEOElnWHlQeVRWWWxpTVp2TEpad0g2MmJyaVAvOG56d2hua1NOUE5RN1NzaE5hMXgzQjhOb2wySXNiWEJ1eFVkTFNIODRscTl0bTJqSVQwN3B3WG4vOWZlL3dTWW5zeC85SDdzdWowSzBrNUY2NUxNSFg3UXVPc3ltK0NHZEtxaFVreHI3THRkbFlGK3RKZVdPMDY2bW81c0ROb0dzV3JGWlU5QVVhOD0%3D&vs=1495[:]794&ds=1536[:]864&sl=0[:]0&os=f&nos=f&if=f&sc=f&gpu=Google%20Inc[.]%20(Intel)%20-%20ANGLE%20(Intel,%20Intel(R)%20Iris(R)%20Xe%20Graphics%20(0x000046A6)%20Direct3D11%20vs_5_0%20ps_5_0,%20D3D11)&anura_res=

Analysis

max time kernel
135s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 00:23

Sharing

Behavioral task

behavioral1

Sample

http://indikv.com/jr.php?gz=wcX5tWvVepq9EG6478DObH49fkdXNzRLakFsem93akk4NFNhZ25WRit3MTM5WGU1ekw0aWdTc0pGeGYwOWc3U0hQbDM4NXl5UUVxcTNDRlVQYnhIak9pVXRSV2pHUERnT0g1YXFnWThHRzZQN2RCUDR4L29NcmJzVzA4dFJwQnNac2I5SCtyTzBqRUJ2U1pkS3JRcVJPS3NyM0ZWbWtEaUt2VjdvTVduNGNaMENkSFRkZUgyMmJuYkUxd2YzaWxOTlhqa2FjS2xORDV5Y05MN2toUnNGbHZRNWljenk3SnhOTko3OHVUeTdNL3drb2IzemhUWEpLaVBBRk13SEpQU2tobS9hUUd6VDcvbW1Pa1IzYlBuK2Y2Ymt1ZnlDUnJORS90dkQrMWVPY1hBOUxHTGR3YmhZcU44UnBheVkyVkJVdytDWG5mY0V5aTNLVGRKRVIyeDlJa0E0UU14bmttQThLQVV5Vm5jU0FsY01HSTlPa3ZBa01Ka1pyWUU3NGt0ZWtrK2J2SXJxRnNwQ2R1VStmVEVDQkJyUEcvWkNrczJ1Zmx1T0NoamtWT1MrdVhsQis0S1RzWGRNSzNJN1lmZDhueUp6Uk5iWW5TaFBoeklmS2pWYmRMNDNaQ1VvNDVwMU9nZ2s1Q1lZV3N5K3hTRVFoZWdJUXhZamRsNmhqN0t4UzN4Q3NwdWQrVzhCT3hzMjVva1Avc2NVRUY5SlVSQ0FERWc2LzR2bVpZeEVEUmlCYjhxbzlTcXVwRUphNmdZQXA2OGZIcUdkaTFSV2JDLzg1SklYaUVFM3FFOWNnaHl0VUpZMmh5WmtYTENybjRxbW1kSWwvWXpLaVkrbzZrRHZ5OVpzZmY0blgrbS9iNFM5TmVpWU5XdVpLdThVMGxnT25ITm1xKzQyUFArU2dpZUFsaXlGbmNJcHRaNlR6cjVCOG1ORDBnekRaRStUclJYNkVPbDNNRmFLc1dCclVqMW90dUVxdGp6bDc1QWpNR2VkS044Q3VtVGJZemswcDdLY3dlbWgxakh0NzA2TVhETmtGbmc2L2hVbmxZWXFjakl2dHlKSTVPN0xSbEw4LzQwSlJ0V0piN0M2OTZMSlZqRXNHYnp3elZmUHU1WFRsLzdpYnhCQ3NkTzlSanhDSFA1R2RTMnVsV3BlZUdBUENtMmh6b1N1amlabkdPWW1OZmNJL2N3anE5eUxmTTFudWE3dlFWRS81T3hmY0RKZ0dJYVBzNmh2SDJwdkh2U3JjYlM1czFoVzlWYzdQVUI4NC80REJpeHU1UUVOTlZqMG5UbGg5Z1dmTW9BL2JiTjZXdmQzRDZFRjNyYVpXb0tQSThhajRnT0NrTk5sa0pJMTBiTC9XME14U29aTGd6RGU4Z3BqeFRyQlhWNHBkZHRtbzNyTVFVKzlpYVQ2cWhGZ2Y2M0ZzNVN1OEtCcm4zU1JIN2w5THNJRlU3NWtkcmZjMDB1SWgxWVExT05qY1NQNlUrYnZrVW5RT2dSOVpLWlNHODNVWEhuUTZ6c1NhYUxmc2c5TWFUQjR2SHZBUXVhTGxtRVg0ZmVNelFEMzk0V1loRlhLc3FXd0c0V3I2Z0FLQ3NWOG4yMVJLZytlQ20xUWtPMkNFcCtScEUveG5XbUczT1ZGeHptc01aWWV2Q0VtTThZdExqRTlsZ1h2RUJLckVjcmhSRmNHZCtmYUtoOHVFTU9OL2VwU3FrUlpnZVJYZUFScnpPYmVVYU5DNDM0SWNRenBIbXdLQnp5dEorY3FCWnpMajdHbkdHN0JCSnFnVk9YSFIxNkFMWjQxN05hYk5rQW9DcUpoaEJEOElnWHlQeVRWWWxpTVp2TEpad0g2MmJyaVAvOG56d2hua1NOUE5RN1NzaE5hMXgzQjhOb2wySXNiWEJ1eFVkTFNIODRscTl0bTJqSVQwN3B3WG4vOWZlL3dTWW5zeC85SDdzdWowSzBrNUY2NUxNSFg3UXVPc3ltK0NHZEtxaFVreHI3THRkbFlGK3RKZVdPMDY2bW81c0ROb0dzV3JGWlU5QVVhOD0%3D&vs=1495:794&ds=1536:864&sl=0:0&os=f&nos=f&if=f&sc=f&gpu=Google%20Inc.%20(Intel)%20-%20ANGLE%20(Intel,%20Intel(R)%20Iris(R)%20Xe%20Graphics%20(0x000046A6)%20Direct3D11%20vs_5_0%20ps_5_0,%20D3D11)&anura_res=

Resource

win10v2004-20240419-en

windows10-2004-x64

6 signatures

150 seconds

Report Analysis Logs

General

Target

http://indikv.com/jr.php?gz=wcX5tWvVepq9EG6478DObH49fkdXNzRLakFsem93akk4NFNhZ25WRit3MTM5WGU1ekw0aWdTc0pGeGYwOWc3U0hQbDM4NXl5UUVxcTNDRlVQYnhIak9pVXRSV2pHUERnT0g1YXFnWThHRzZQN2RCUDR4L29NcmJzVzA4dFJwQnNac2I5SCtyTzBqRUJ2U1pkS3JRcVJPS3NyM0ZWbWtEaUt2VjdvTVduNGNaMENkSFRkZUgyMmJuYkUxd2YzaWxOTlhqa2FjS2xORDV5Y05MN2toUnNGbHZRNWljenk3SnhOTko3OHVUeTdNL3drb2IzemhUWEpLaVBBRk13SEpQU2tobS9hUUd6VDcvbW1Pa1IzYlBuK2Y2Ymt1ZnlDUnJORS90dkQrMWVPY1hBOUxHTGR3YmhZcU44UnBheVkyVkJVdytDWG5mY0V5aTNLVGRKRVIyeDlJa0E0UU14bmttQThLQVV5Vm5jU0FsY01HSTlPa3ZBa01Ka1pyWUU3NGt0ZWtrK2J2SXJxRnNwQ2R1VStmVEVDQkJyUEcvWkNrczJ1Zmx1T0NoamtWT1MrdVhsQis0S1RzWGRNSzNJN1lmZDhueUp6Uk5iWW5TaFBoeklmS2pWYmRMNDNaQ1VvNDVwMU9nZ2s1Q1lZV3N5K3hTRVFoZWdJUXhZamRsNmhqN0t4UzN4Q3NwdWQrVzhCT3hzMjVva1Avc2NVRUY5SlVSQ0FERWc2LzR2bVpZeEVEUmlCYjhxbzlTcXVwRUphNmdZQXA2OGZIcUdkaTFSV2JDLzg1SklYaUVFM3FFOWNnaHl0VUpZMmh5WmtYTENybjRxbW1kSWwvWXpLaVkrbzZrRHZ5OVpzZmY0blgrbS9iNFM5TmVpWU5XdVpLdThVMGxnT25ITm1xKzQyUFArU2dpZUFsaXlGbmNJcHRaNlR6cjVCOG1ORDBnekRaRStUclJYNkVPbDNNRmFLc1dCclVqMW90dUVxdGp6bDc1QWpNR2VkS044Q3VtVGJZemswcDdLY3dlbWgxakh0NzA2TVhETmtGbmc2L2hVbmxZWXFjakl2dHlKSTVPN0xSbEw4LzQwSlJ0V0piN0M2OTZMSlZqRXNHYnp3elZmUHU1WFRsLzdpYnhCQ3NkTzlSanhDSFA1R2RTMnVsV3BlZUdBUENtMmh6b1N1amlabkdPWW1OZmNJL2N3anE5eUxmTTFudWE3dlFWRS81T3hmY0RKZ0dJYVBzNmh2SDJwdkh2U3JjYlM1czFoVzlWYzdQVUI4NC80REJpeHU1UUVOTlZqMG5UbGg5Z1dmTW9BL2JiTjZXdmQzRDZFRjNyYVpXb0tQSThhajRnT0NrTk5sa0pJMTBiTC9XME14U29aTGd6RGU4Z3BqeFRyQlhWNHBkZHRtbzNyTVFVKzlpYVQ2cWhGZ2Y2M0ZzNVN1OEtCcm4zU1JIN2w5THNJRlU3NWtkcmZjMDB1SWgxWVExT05qY1NQNlUrYnZrVW5RT2dSOVpLWlNHODNVWEhuUTZ6c1NhYUxmc2c5TWFUQjR2SHZBUXVhTGxtRVg0ZmVNelFEMzk0V1loRlhLc3FXd0c0V3I2Z0FLQ3NWOG4yMVJLZytlQ20xUWtPMkNFcCtScEUveG5XbUczT1ZGeHptc01aWWV2Q0VtTThZdExqRTlsZ1h2RUJLckVjcmhSRmNHZCtmYUtoOHVFTU9OL2VwU3FrUlpnZVJYZUFScnpPYmVVYU5DNDM0SWNRenBIbXdLQnp5dEorY3FCWnpMajdHbkdHN0JCSnFnVk9YSFIxNkFMWjQxN05hYk5rQW9DcUpoaEJEOElnWHlQeVRWWWxpTVp2TEpad0g2MmJyaVAvOG56d2hua1NOUE5RN1NzaE5hMXgzQjhOb2wySXNiWEJ1eFVkTFNIODRscTl0bTJqSVQwN3B3WG4vOWZlL3dTWW5zeC85SDdzdWowSzBrNUY2NUxNSFg3UXVPc3ltK0NHZEtxaFVreHI3THRkbFlGK3RKZVdPMDY2bW81c0ROb0dzV3JGWlU5QVVhOD0%3D&vs=1495:794&ds=1536:864&sl=0:0&os=f&nos=f&if=f&sc=f&gpu=Google%20Inc.%20(Intel)%20-%20ANGLE%20(Intel,%20Intel(R)%20Iris(R)%20Xe%20Graphics%20(0x000046A6)%20Direct3D11%20vs_5_0%20ps_5_0,%20D3D11)&anura_res=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
780	msedge.exe
780	msedge.exe
5332	msedge.exe
5332	msedge.exe
1112	identity_helper.exe
1112	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe
5332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5332 wrote to memory of 1000	5332	msedge.exe	84
PID 5332 wrote to memory of 1000	5332	msedge.exe	84
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 5192	5332	msedge.exe	85
PID 5332 wrote to memory of 780	5332	msedge.exe	86
PID 5332 wrote to memory of 780	5332	msedge.exe	86
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87
PID 5332 wrote to memory of 680	5332	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://indikv.com/jr.php?gz=wcX5tWvVepq9EG6478DObH49fkdXNzRLakFsem93akk4NFNhZ25WRit3MTM5WGU1ekw0aWdTc0pGeGYwOWc3U0hQbDM4NXl5UUVxcTNDRlVQYnhIak9pVXRSV2pHUERnT0g1YXFnWThHRzZQN2RCUDR4L29NcmJzVzA4dFJwQnNac2I5SCtyTzBqRUJ2U1pkS3JRcVJPS3NyM0ZWbWtEaUt2VjdvTVduNGNaMENkSFRkZUgyMmJuYkUxd2YzaWxOTlhqa2FjS2xORDV5Y05MN2toUnNGbHZRNWljenk3SnhOTko3OHVUeTdNL3drb2IzemhUWEpLaVBBRk13SEpQU2tobS9hUUd6VDcvbW1Pa1IzYlBuK2Y2Ymt1ZnlDUnJORS90dkQrMWVPY1hBOUxHTGR3YmhZcU44UnBheVkyVkJVdytDWG5mY0V5aTNLVGRKRVIyeDlJa0E0UU14bmttQThLQVV5Vm5jU0FsY01HSTlPa3ZBa01Ka1pyWUU3NGt0ZWtrK2J2SXJxRnNwQ2R1VStmVEVDQkJyUEcvWkNrczJ1Zmx1T0NoamtWT1MrdVhsQis0S1RzWGRNSzNJN1lmZDhueUp6Uk5iWW5TaFBoeklmS2pWYmRMNDNaQ1VvNDVwMU9nZ2s1Q1lZV3N5K3hTRVFoZWdJUXhZamRsNmhqN0t4UzN4Q3NwdWQrVzhCT3hzMjVva1Avc2NVRUY5SlVSQ0FERWc2LzR2bVpZeEVEUmlCYjhxbzlTcXVwRUphNmdZQXA2OGZIcUdkaTFSV2JDLzg1SklYaUVFM3FFOWNnaHl0VUpZMmh5WmtYTENybjRxbW1kSWwvWXpLaVkrbzZrRHZ5OVpzZmY0blgrbS9iNFM5TmVpWU5XdVpLdThVMGxnT25ITm1xKzQyUFArU2dpZUFsaXlGbmNJcHRaNlR6cjVCOG1ORDBnekRaRStUclJYNkVPbDNNRmFLc1dCclVqMW90dUVxdGp6bDc1QWpNR2VkS044Q3VtVGJZemswcDdLY3dlbWgxakh0NzA2TVhETmtGbmc2L2hVbmxZWXFjakl2dHlKSTVPN0xSbEw4LzQwSlJ0V0piN0M2OTZMSlZqRXNHYnp3elZmUHU1WFRsLzdpYnhCQ3NkTzlSanhDSFA1R2RTMnVsV3BlZUdBUENtMmh6b1N1amlabkdPWW1OZmNJL2N3anE5eUxmTTFudWE3dlFWRS81T3hmY0RKZ0dJYVBzNmh2SDJwdkh2U3JjYlM1czFoVzlWYzdQVUI4NC80REJpeHU1UUVOTlZqMG5UbGg5Z1dmTW9BL2JiTjZXdmQzRDZFRjNyYVpXb0tQSThhajRnT0NrTk5sa0pJMTBiTC9XME14U29aTGd6RGU4Z3BqeFRyQlhWNHBkZHRtbzNyTVFVKzlpYVQ2cWhGZ2Y2M0ZzNVN1OEtCcm4zU1JIN2w5THNJRlU3NWtkcmZjMDB1SWgxWVExT05qY1NQNlUrYnZrVW5RT2dSOVpLWlNHODNVWEhuUTZ6c1NhYUxmc2c5TWFUQjR2SHZBUXVhTGxtRVg0ZmVNelFEMzk0V1loRlhLc3FXd0c0V3I2Z0FLQ3NWOG4yMVJLZytlQ20xUWtPMkNFcCtScEUveG5XbUczT1ZGeHptc01aWWV2Q0VtTThZdExqRTlsZ1h2RUJLckVjcmhSRmNHZCtmYUtoOHVFTU9OL2VwU3FrUlpnZVJYZUFScnpPYmVVYU5DNDM0SWNRenBIbXdLQnp5dEorY3FCWnpMajdHbkdHN0JCSnFnVk9YSFIxNkFMWjQxN05hYk5rQW9DcUpoaEJEOElnWHlQeVRWWWxpTVp2TEpad0g2MmJyaVAvOG56d2hua1NOUE5RN1NzaE5hMXgzQjhOb2wySXNiWEJ1eFVkTFNIODRscTl0bTJqSVQwN3B3WG4vOWZlL3dTWW5zeC85SDdzdWowSzBrNUY2NUxNSFg3UXVPc3ltK0NHZEtxaFVreHI3THRkbFlGK3RKZVdPMDY2bW81c0ROb0dzV3JGWlU5QVVhOD0%3D&vs=1495:794&ds=1536:864&sl=0:0&os=f&nos=f&if=f&sc=f&gpu=Google%20Inc.%20(Intel)%20-%20ANGLE%20(Intel,%20Intel(R)%20Iris(R)%20Xe%20Graphics%20(0x000046A6)%20Direct3D11%20vs_5_0%20ps_5_0,%20D3D11)&anura_res=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb718546f8,0x7ffb71854708,0x7ffb71854718
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8523297504449390787,9877593162490497304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:2760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b5d002e98030b91708ca859cbb62e78a

SHA1
99db9d7a1125dc5257c174791c34a4552c9e007c

SHA256
b105314de07613c9717b9c09e2ed2b9e87117e1377526c9b8ebc2456e60a8d6d

SHA512
59d2b89a23c8d042e50a4b69d5ad8518898bd60733208e8a5cbaf229f9cd64a98e5ed8ea5971dcff6dd937d7a414b7513f1927071f8e850f907db49ce8d67882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c75185baa5523a2685dd6cf06c943cb

SHA1
7594d27ff8c497d7b840a1235004b4ec68ea2745

SHA256
e2ca16fd3285f765c7d9d44f9b539597687a79b3ad7bf5371dbfc5f86b292d08

SHA512
81c62a83d4201b5aef360b8008e1a4a725d208c060f180bb9313a87c0231e67529ea6f5ac4daade903f884c9362b3891e8e3e91020773ea5500fb1b936a084d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
376ed6053f36c294687831543e21d53f

SHA1
90e177d076edc9ca30d3b4a7b0cbdb4dc8811d62

SHA256
9a2262933e21a17540e46b115a9ab0f7581906915dd9be2061caecaa8195f885

SHA512
cbc22db8c7ba5dc80d6486e5bba966c6ee2cf683be58aa3c75a11ef389c7b5867cbf600278f98e2fd36f87ff5fae8bd64dc798905e8e9268c4c83228dd802284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7003a2160130ce066d1717c98600ac6

SHA1
449a7f11bac21f30c737d1763cd2ba7774525754

SHA256
0675d9695ea3419d9df1813a0b534628783d2595f70b82e211c704b095e3bfe4

SHA512
27a9efa74a2f15b2514e1d19c837f860f86fbd5fd45da4859fbfffb92a7754e48b15b90f3fa0ae161aba120efaa98ca059cd10b7ffa6fc6a33bd9ac024d13eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
99647119a2f15c22add977d332cd6922

SHA1
b4d8b5087c924f61ed2d65edacbadb8affd928ac

SHA256
48cd285b0f2df2a0bda3790a653f386706b7d770208436c2f44c26362b9ae075

SHA512
160b0d3babdced4e6c2cca875b05859b18644502d26c6fb43eb5ea1e0b155def561386fcc8aab6de060d0ea0a87df40756b6259f9be5fe851c064651cf7b7557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d8faa253e29d5d4c748546746883106

SHA1
3eb3cab1ece349ddad99b687316e754d6affafa4

SHA256
12af108c61b0e7b7865bc1df254818a777ba429da5255a352043fa8aa25022dd

SHA512
73741c5fa9d03fdcdfea2ec7eb4678442ecda341884630b7949aeb7598e435a5302cff1449f613d4146ebb06c68520983fbe162643ac6c21e9be30f59befdb74

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
bf18b3f9c71f226eb3790a17a17f4667

SHA1
b57e4dfc3611390cd23e37360e44c8d9fac8ab28

SHA256
7a80613e941a049f45a16403f926955896769448b0209d1099bdea521273b435

SHA512
3c42757d303d11ae13991a56bc1908f7e120182a528428bf9619abd9cd166e2f198c3b52d73ae6bc31465c4a1e30e7442e5abeeeae76221ff65669cfdf872282

Download Submit