hxxp://dps-verbindendinpensioenen[.]net/

Analysis

max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
21/05/2024, 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://dps-verbindendinpensioenen.net/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
688	msedge.exe
688	msedge.exe
2576	msedge.exe
2576	msedge.exe
5084	msedge.exe
5084	msedge.exe
4744	identity_helper.exe
4744	identity_helper.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 3912	2576	msedge.exe	80
PID 2576 wrote to memory of 3912	2576	msedge.exe	80
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 4144	2576	msedge.exe	81
PID 2576 wrote to memory of 688	2576	msedge.exe	82
PID 2576 wrote to memory of 688	2576	msedge.exe	82
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83
PID 2576 wrote to memory of 5044	2576	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://dps-verbindendinpensioenen.net/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc5bb43cb8,0x7ffc5bb43cc8,0x7ffc5bb43cd8
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,7358071619326369925,13807085024521872849,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,7358071619326369925,13807085024521872849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,7358071619326369925,13807085024521872849,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,7358071619326369925,13807085024521872849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,7358071619326369925,13807085024521872849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,7358071619326369925,13807085024521872849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1824,7358071619326369925,13807085024521872849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1824,7358071619326369925,13807085024521872849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,7358071619326369925,13807085024521872849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,7358071619326369925,13807085024521872849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,7358071619326369925,13807085024521872849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,7358071619326369925,13807085024521872849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,7358071619326369925,13807085024521872849,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9faad3e004614b187287bed750e56acc

SHA1
eeea3627a208df5a8cf627b0d39561167d272ac5

SHA256
64a60300c46447926ce44b48ce179d01eff3dba906b83b17e48db0c738ca38a9

SHA512
a7470fe359229c2932aa39417e1cd0dc47f351963cbb39f4026f3a2954e05e3238f3605e13c870c9fe24ae56a0d07e1a6943df0e891bdcd46fd9ae4b7a48ab90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7915c5c12c884cc2fa03af40f3d2e49d

SHA1
d48085f85761cde9c287b0b70a918c7ce8008629

SHA256
e79d4b86d8cabd981d719da7f55e0540831df7fa0f8df5b19c0671137406c3da

SHA512
4c71eb6836546d4cfdb39cd84b6c44687b2c2dee31e2e658d12f809225cbd495f20ce69030bff1d80468605a3523d23b6dea166975cedae25b02a75479c3f217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
eab910fa1e0a7dafd38fcab0f11a98f4

SHA1
194cd53cdfb8ed16d3043bea7b8de6ad82e47204

SHA256
e03dd2bee56a041922cbc74e65d3ed8ef08a2cf9af3118e4589aa2cbe3fe4258

SHA512
50ca8a1a8492d70ada64235574543ad8f9462a16f1bdb7a367b29769a857620d0e27270e4905aef85b4a45596bc772a996bd71602c1efc2482ac5e70f21f9991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
330B

MD5
32b357952efe129012fa9c2d66ca90fd

SHA1
6a3bcefc69dcbc503fa822601989c4fadad87f08

SHA256
c4200552117c4639a6e28f7c7c25d6e0b5fcfc4aa7273383d5ac470f43939d9d

SHA512
0668629646b9187b0050c534b757f7e00a26cee6a3deb096c3c5fec37c8e6676dbd8a0ec8a2f486063b845556cf1b3bfd8b57890661f1d1250abaa5e6812e8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
94965ff395319c1c74da5d38d5c66363

SHA1
11f0f8d32cc12f878c63025ffa2b560d71366cd0

SHA256
4e9c960f944492f5d03408e303ff6b4d3bd821445763f39da1bc17015367961f

SHA512
35bd2ff8d2440ed97d0f978c2b897ce0860bf8e88fc7f5b67b365e75360f4d349eda153543d5982309635b60d64d40f07736f519bd13ba069df49d850d47b3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff8c318befe3418eca1fe6f9dc031783

SHA1
fd30bea743f676ae5eb5e72c8b0940f3f4c213b7

SHA256
3b50363ecfa86480eef7a006241ed38250ad156686f4822ef413c8b1d24cf12c

SHA512
f4204d32d1331f8699abcbd539faed323253c6853f9180eae0db559edb55f7c6d07d6f4323643ee1c38ffd307668f552d27f380a4aa2ac68fb6aa0f44adb440c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f4fe25b660043ac163431acdc254a2ee

SHA1
7e7e99398be67d14fe21aa0416265d1fe2f1667e

SHA256
9904f058434e7df12e50332fd1c4d5a1a89f346f1137f716b41373d4861aab93

SHA512
c0bff892248a22d46d3f86f72a0088c38a664b0a418e03920240e640cdc97606638adc310ffca2196c138e4106cc21505a81bad6133eaa5482586ceb5b3179bd

Download Submit