hxxps://url12[.]mailanyone[.]net/scanner?m=1s97k8-00085Z-3N&d=4%7Cmail%2F90%2F1716229200%2F1s97k8-00085Z-3N%7Cin12j%7C57e1b682%7C11949542%7C14589158%7C664B964047ADE70FAD863B11667FFF69&o=jphtk%2F%2F-t%3A[.]oousenxgrgjrv%2F%2Fci[.]p&s=GnDqKmpYYqza3LGb-UpZ7DV05CE

Analysis

max time kernel
1s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url12.mailanyone.net/scanner?m=1s97k8-00085Z-3N&d=4%7Cmail%2F90%2F1716229200%2F1s97k8-00085Z-3N%7Cin12j%7C57e1b682%7C11949542%7C14589158%7C664B964047ADE70FAD863B11667FFF69&o=jphtk%2F%2F-t%3A.oousenxgrgjrv%2F%2Fci.p&s=GnDqKmpYYqza3LGb-UpZ7DV05CE

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 3476	4268	msedge.exe	83
PID 4268 wrote to memory of 3476	4268	msedge.exe	83
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 4864	4268	msedge.exe	86
PID 4268 wrote to memory of 912	4268	msedge.exe	87
PID 4268 wrote to memory of 912	4268	msedge.exe	87
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88
PID 4268 wrote to memory of 1264	4268	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://url12.mailanyone.net/scanner?m=1s97k8-00085Z-3N&d=4%7Cmail%2F90%2F1716229200%2F1s97k8-00085Z-3N%7Cin12j%7C57e1b682%7C11949542%7C14589158%7C664B964047ADE70FAD863B11667FFF69&o=jphtk%2F%2F-t%3A.oousenxgrgjrv%2F%2Fci.p&s=GnDqKmpYYqza3LGb-UpZ7DV05CE
1⤵
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffc114846f8,0x7ffc11484708,0x7ffc11484718
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4212 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4212 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,14250644361237262525,12888910265712494695,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3364 /prefetch:2
  2⤵
  PID:1296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
7f355fd4efd562c64d6edb6ea3177143

SHA1
cfffd1eca48588c84b67d05830f4895378cbdfef

SHA256
a2576279c980fd600ef4947af4a05879cbea8837e397ed79783f9b1a1d9630e0

SHA512
1455fd98703e7c5e2452a613753633f411494d6b6ab944dfd91f939a2c4918037e8501ad1e8ff3bc5ed98b89b0a03c8bcaadc36adec692a00a896b30e79c595a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
501B

MD5
decc5f33b9b0e115c1c61456bb173592

SHA1
7b50ec0357a864b9b9846b8962b95fdaf5814d3c

SHA256
106108fd12d097eb20f143cc4f371c302f24c88400f9027e9809c8219f2cffc7

SHA512
c086a52d6be4d984abd9c21b3bd864b9b8ed712d1d9e80f2b0f238e7e0c169eee4c4e1d3664c29a3f00b21b7e99ed51a2838f17c9e41c561b8a415f577ddca9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8db6f1eabc0812960d132aad4324c5b2

SHA1
65bd38efe14a27cf21a2831773557b58dfd12bbc

SHA256
9e67c5570464a00c08bc653ef5419bba67042ab9c0acc4fdffb412b697e69223

SHA512
e860c8b68480d5cef16d85dc5251b529e85875664e40d6fde7d47416d00f1a0e7f4da5eb517d48a63c327592b70f85a13d78c84a1b020ee2725dacf5a22137e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e82edadbea877d04d57b132d388d725

SHA1
bd7b8cba3babb72c9066a637b882bf2511290877

SHA256
1c6c3822ab0fa67c395f3c4ceb2fbea66f9f00e2966dbd0132ef14cf7f002a16

SHA512
e1b2b0496edc76f97a0f9a933034e79249438d4d3d00d33ddd1b49a6ebc67627e36fe8156c5e0db952425674d9cd1bae25802a38bdb44daec5c67bb546d50f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e5ea12a049a35aef4c2d21fb8495d8ea

SHA1
499ab0f0a0437cd448fac983cbb99dfcddf908f4

SHA256
e21e801a15b88e97cad4b1a70048e62afc67b0bb893a32a5878d57e342962385

SHA512
1838c5c49782a1d6c67a5d43e1dbaca06833226c6008b309a6ece4f343cbea43c3417d7f130f62dd84a4966dcdf7a6efcaeb5f723eb127af40a3352ff1bbb150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00339185a4926c6a9b907cd8ec7125d1

SHA1
4365637956153c2101ce12e7b11b59244e6221a4

SHA256
f8749858ad3e6183f8bce73cb3176d47a221300db1b3ddbac5942a6461a61f33

SHA512
f0a2ac68e2ae1a9a54dd31083a4395889df94b0bb78c60a852d5af0ba4e4bcc54f4e06533f5ee3547e0d5c6fbb44ea17d228ae81fe8c0c4c19b28454609c6d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c716cc97-1cde-491b-905e-5eeeba387c59.tmp

Filesize
11KB

MD5
d1cfadf6c1cfdcc6dc7b7b1d9000103e

SHA1
969d6e2043014aa2c6e843708a30efd4b6e3cd09

SHA256
eb3901af317737d427b0157bdb162176e332e33c558e786cc718b4e4cf7be081

SHA512
b77c54f2e4df499408334f3f6a7357bf0a349deee779c3d98edfa3529dd68de43e15c7a8f981bbd2aa4fbc8abca1675f237b6aca17afa097ea055e4a681c2068

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads