hxxps://tinyurl[.]com/344fczr9

Analysis

max time kernel
1792s
max time network
1793s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/344fczr9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
3852	msedge.exe
3852	msedge.exe
2692	identity_helper.exe
2692	identity_helper.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 3668	3852	msedge.exe	81
PID 3852 wrote to memory of 3668	3852	msedge.exe	81
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 224	3852	msedge.exe	82
PID 3852 wrote to memory of 216	3852	msedge.exe	83
PID 3852 wrote to memory of 216	3852	msedge.exe	83
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84
PID 3852 wrote to memory of 1320	3852	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tinyurl.com/344fczr9
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9904646f8,0x7ff990464708,0x7ff990464718
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,2471638209305272362,5632038884043296628,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,2471638209305272362,5632038884043296628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,2471638209305272362,5632038884043296628,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2471638209305272362,5632038884043296628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2471638209305272362,5632038884043296628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2471638209305272362,5632038884043296628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,2471638209305272362,5632038884043296628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,2471638209305272362,5632038884043296628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2471638209305272362,5632038884043296628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2471638209305272362,5632038884043296628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2471638209305272362,5632038884043296628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2471638209305272362,5632038884043296628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,2471638209305272362,5632038884043296628,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
7b21c4777f89bfb046500ed38670df76

SHA1
836d489a84c0a6aab6de98ff501ecd7736eb759b

SHA256
08e1c180de44955d0cca250fe8830a00ca5da85a082c4eb35989f500d145a2bd

SHA512
68a94d8935b5c1022e18f064ddc463a1b195cf158b2dda3b81bfcbaca4da4e46eee5cde724e1a31680dd0deb372a41fa2965d12ae3d348bbe5e992c51ef806e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
2a03a6666938a6f44c86407df44281cf

SHA1
35f75d5b0f13e7f66320e5190ac89cbea9994ca4

SHA256
720aa898551009be059fab87bd0809838f2ae4e2914c1a094949a60d08f638bf

SHA512
c3850708068e868f08a0382592d3b771da390456498c1b3166b78d8a7f834293dc961c0251a7f6e08372d2b5fdc585af7acec7bb7b0b831b05c4ab2f759599c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f2cb9876393171d98d88dce9c6d8c8d2

SHA1
ae5be904d41060777867a1a9cf01a394fa999912

SHA256
4cefcffff07bc24312de9feb97ad14ede6ed854650953dee67e9aa0a3c2b4f84

SHA512
1ec0e8cb26b271f56b655d9f9a0e4e8b9acfddfb92695f2f0470df4a357e8d6f90e13f90dfa12b0e31b4c5a5584d828b0b943fe33d36fa6d4a37d1130581355a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
506e2b28e058a43f865670a87270446d

SHA1
2272f8db4dc5279de041e019a86e640f30e07f8a

SHA256
e350e5508e0b78a50276c27bd7d36b4618a9bb143d3f2d825d72623a9583786c

SHA512
75db7da9563249f2190c837cba99ad7f870e41a953253e66753e9b122e90e2dca1b1137507f4a763437d4949792ab279047eb3c9ba421f7d41326abf408f70b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62a421b7aa4cb1c31fd07d9ea6c0c662

SHA1
49e809051c66b1fb9aabbeb5c862e57799673dc9

SHA256
25e2f3dfe561b973d3c2f5269a06cacedcd85af41c53735f121fa880e6292643

SHA512
1d951d6db764f5c5b03930c2df389281d611e6670abf53bd2eba7d2105e52f6eb9a4ec054e9c0ce00e1a2b5b1e699ded07c842d2eb392df7c563f17a74aa3ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1796295a1777d5df8a1cab2c83979167

SHA1
c1fa1d4ab1f0323506768934aef128ccd613166a

SHA256
d32379cf737016d00de9f99947eac40b67d02d1276b20aebd11104746cdcee43

SHA512
c3f67b013e8796e642126aca672ecaf49fe0dd3913fa7b1951ccc9fc06e5e29d9700db54fd3ae5faa7723533a11fd5c8bbe79e70c7519c1fe7f1b42f36248e3c

Download Submit