hxxps://scnv[.]io/8X3o?qr=1

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 13:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://scnv.io/8X3o?qr=1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
4012	msedge.exe
4012	msedge.exe
5000	identity_helper.exe
5000	identity_helper.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 5028	4012	msedge.exe	84
PID 4012 wrote to memory of 5028	4012	msedge.exe	84
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 4480	4012	msedge.exe	87
PID 4012 wrote to memory of 2952	4012	msedge.exe	88
PID 4012 wrote to memory of 2952	4012	msedge.exe	88
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89
PID 4012 wrote to memory of 2908	4012	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://scnv.io/8X3o?qr=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae46b46f8,0x7ffae46b4708,0x7ffae46b4718
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7489287115105435737,1726834613706883827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,7489287115105435737,1726834613706883827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,7489287115105435737,1726834613706883827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7489287115105435737,1726834613706883827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7489287115105435737,1726834613706883827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7489287115105435737,1726834613706883827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7489287115105435737,1726834613706883827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7489287115105435737,1726834613706883827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7489287115105435737,1726834613706883827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7489287115105435737,1726834613706883827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7489287115105435737,1726834613706883827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7489287115105435737,1726834613706883827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7489287115105435737,1726834613706883827,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\21565501-b4a3-4910-98dc-e7f8629b4922.tmp

Filesize
6KB

MD5
f791e6084ba6db5d9ef75888535465fd

SHA1
edb9dde057423e01814739f80520b8c45a49facd

SHA256
84c04ae1263f254a08982d3df685317b4b358696ef749d5776ecdd16a2bc1622

SHA512
eda5d3da3f1a4d3b10abb4dbf17afe269709937327500498ade500e2c71355181d24912e4a79c732bc007a46c1cd5e29709423408a74da281f08b85d749c5279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
362ad92ee5f88843d4d1229684385d51

SHA1
1a1024f6a289d9f4f6661abdae6cbb9b4772f105

SHA256
bf4dd44dfbffac0a2f2366124d2bedd7a5a0393045643d98072e800f8d942c3d

SHA512
6f7c3e5797f101fc06ba3830976ecb5692bb0f26ead38517ad50e710b9d7c8af001fb3dcc8fbac95569de5fbaa342c07d5ae2e5c91bb33f1e16b82f55b8d103d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
570B

MD5
3b0a37b0667c8876b293d21071d353df

SHA1
9610501120f1f12bd422b03df94df4fc3fe4dc6b

SHA256
1cfd19b1311db18a99d4ac71ead863d1c4aa189407076cc004c52a9c3d369cd3

SHA512
85c6b479828c83fe629fdc47ccac6833a5cf8d7330a18750de33caba1155469d31ade5f83a60ccc20285aba1bb8b49d2858af869f403a892cb8c28e84f795784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0a2a1ff5aa445af4de9499a0bf02e70b

SHA1
d0dbb3f550893862804f62e995b7a7196c21f1c8

SHA256
ccbc2c6af4f404ebffd796ddf1e682a8d74e81ef95bd891d211d29840b0763c1

SHA512
db6eb9ebabfb27b5b0daab32dd9a1f75920f2373ffc60d0c68d61527afd0653a5518a367f0f42b7b317048265ebb1e1438069057b5f2b5480c8d012346cbcb14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99dce46c0c4f15f131366371358d7ebe

SHA1
b93cb5131ac28a08f2783975620c5baf3bda7258

SHA256
2f8e6a7ffc882f3c9361268e68ef5b3c184b1ec74102e11c63c583ad685420c3

SHA512
0a0f84f16b3f5303c10a130097cdd55b75023d5ad7b1314b02d235e8c9b52ac100dfeec17b6e26d49992bd6ca9d0d86e796763d708a906686eb794bb3ce4c7b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
899adea16b42ba44d79ced285bb21c7a

SHA1
616c5e022732b0582890eb0e66e065ac2032e360

SHA256
3f7365e7211794323e34857fdbe9cd514f4a969cef7d456b89849beb48e94444

SHA512
a0ec94b814c1ca61c5ee68c543c89c241734d604ca9f7f815b39629bf7fc6eba670acea814d0f9830a42536b02716f993e83bd6f7d6915121836dae739be6721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578c71.TMP

Filesize
371B

MD5
36445714f2bf449b6d81dd853bf67036

SHA1
27c125601d59cdbd15e40f8d5f39fd6c54d2a2ce

SHA256
e913c5f126264a72fe3d83598db5e1e58291d346ead9c1bf518dc1d0703cf84e

SHA512
a17d8cf5c648026d351e3aff448decb2ca8f134b0bca91ddf3ff9f7b283f2be7fcf06cdebf051882d8822d6252fed0557ed1ac6019328d4694c6fcefba0ccc6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7708e1ab970df9544a86930cd9af73ca

SHA1
0f8c75f5783d0340e453a01e397e2dc4918a097e

SHA256
6a268d4459de9f7e6cce0e10260a13020c338197f99e4b692ff5a454086b9282

SHA512
0c18fe0628cd860aef9bd0848965eafb37d2ede95fe9ad3ffde405da10aa25d6f64852a06f98ed8b60dfd84d343a9ad86131cb75f76a3550dfc289701f124e93

Download Submit