Analysis
-
max time kernel
87s -
max time network
88s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
25-05-2024 14:59
General
-
Target
http://google.com
Malware Config
Signatures
-
Downloads MZ/PE file
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of FindShellTrayWindow 56 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8426246f8,0x7ff842624708,0x7ff8426247182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5992 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5852 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4784 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,2804572470430253715,2515119142323853954,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6648 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA2565009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998
-
Filesize
152B
MD5f53207a5ca2ef5c7e976cbb3cb26d870
SHA149a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA25619ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499
-
Filesize
40KB
MD55ce7bdeeea547dc5e395554f1de0b179
SHA13dba53fa4da7c828a468d17abc09b265b664078a
SHA256675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9
SHA5120bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e
-
Filesize
336B
MD50a82367180fd1fcc71aeba02dfb2cd65
SHA1d426e3100cc223cbd680ea902ba120ee1c2b085b
SHA2562678ae8cc0c63f821b0fda132f885e64b54414bba6e7e796fac9b979f8023d55
SHA51266dd4c1e5c9fcc63f77ad515dcd8e6155506281048a21b126602c775b3bf9f82af4a73de6a1bd4fb04cc1ccf879b3230d4f5c8b3b361ad8a6e20219d3be1d842
-
Filesize
2KB
MD53edb0e4896c1b89013b0b54b0c3b0293
SHA134d5b4bbb7d05b573d7650bf814e04a49c4fc700
SHA25607dee4e6b67de603fba5d2248f0c050ff665ef067215139fa7064b9280a86609
SHA51259b693bde6303cc4315d95bf736ab276d389ec93b3bc812ea1b7eb391c0d1720bcd15a0242fa49c2be99604a6f8c3e41159e5a677ae3dda2fe5bead65d99db29
-
Filesize
5KB
MD5349862edf3e6cc9cfcd4c1cbc27f623d
SHA13aa23c7b203709aca65f12ddf071f0e89165a4a4
SHA2567a29f711aa1339418f7372cfbc489460fc326cbceadf02cba924fdfb6596b162
SHA5128fd335741f16582ceae21ae692c2b593513481085fed80cf6d6f1000ae6ab72ef4053abb49545154391bfaa46068737d811aac37f9c3a1099bf67de9942f4345
-
Filesize
7KB
MD5b69cbe4174e92a644c7df376ca42e2ed
SHA137cfb7842509c4505fa908f36e74cff7c7eb9474
SHA256e7cf6e1764c3cb6caff07cb033dbda536d291e3e60c8f9d0306df42135e70b07
SHA512e2945b8a6c42d040868731fb495746d641a21caf5b2fd1af63dc6ec1a7ee22897e6febad85f14b3492ee6e5f5b39786384b4455f196e4b02f44414d278f0d560
-
Filesize
6KB
MD5e62f0c0d1e296aafdce3f6c390e751cd
SHA1686c47abe75367187a6fa3309b39bf0f49955062
SHA256dbe83a6fd02138429330587bc300ec06ae5ffe53b8f574d6c238f2b6fac85040
SHA512d3df0239fed31f55fb1ad7c45d2779b48efb8185053bc7f55dd1d9f51eaa41da5adabcc85124c396b858bcf6e0adc3a69156332bda37ebff7d470fc370fa0337
-
Filesize
7KB
MD52b6b873ebd71e31def6caaa64b224dcd
SHA15b6837d4835d7398b12c98ad8c163304c48de110
SHA2567b648021e3d0cf7b6daff024860b26778000c442b4c7b5a0d0627975a5961f80
SHA512d018bedcf188a88ca7639198fe1b5bb4134f1988144d04e96dcc05696f2689d8ad056c6a78cefb85bfd9b0d95677b5b31803067c650b7af91fbc6f181c66e179
-
Filesize
539B
MD509dc38fbef4cbed99e6b48707d7625de
SHA1270a0bc76d56569d39936a12d797a6aee668bf17
SHA256480542b429bf25b696003f42e40c162890e4ec7a367f5c7868d2af4fad147517
SHA51235fd7e313f992a2f339ce9ca6eafd5a5acd7ffc2e938a5789e122984ee100e4f8ded81a54329ed462cbdb72f60825eea2931c578f177bb6d93c25e10829c6c88
-
Filesize
2KB
MD5207cc80076c80ba351a92730b17f372a
SHA19dd74145db178231f9b46ee7f3534a8517a25ea1
SHA256dcc1cf0b50c0b7d0e6c68c82b39b2687159207989302a2ff06d158d4c5f0249f
SHA51273d3d63446cb262ffc92e9eefbd33545c944f9c82663bc6e6f89656dc9e699be4f7f318d4206949a1c4afcfcff8675da9f6476e4c3aba77aeb7e547e8af40c82
-
Filesize
874B
MD58c38e311b5c65d8510b9da8468ea56da
SHA1ff5a93e5acf87925440952ba54ebab9d4da90a31
SHA25609dab88ca889734e59822af5c63cf02b7805c70337c59a765a9ed4c9445a7edd
SHA512240792e7e996469e6f0c5ae003d6b0ed3fd9608a02057288aba1fd959984101396ff6961bc0efb1f7b1a11a9a96438fa934861e9f277d77791a22f8452874925
-
Filesize
372B
MD54ba2359272bede5ca61463f749199cd2
SHA1025100e1e34c59f66c467071f6b5b4ff0003cf8b
SHA256b80e3ff928d89c48abb43c8a03408996997f39ebb6d5e2bb002cedb2bafb07d2
SHA512f00036edadbff5a0177205e47f4ef78a8bbe9c17ede9ae5d72623492945da04b06efaef9d3cb11001d04d63790b0c238f761fc87cab59f1c2caf3fa07a89ae02
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
17KB
MD5913728da90cf90d8e78af59c60b47c3d
SHA1f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e
SHA256b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82
SHA5123af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974
-
Filesize
11KB
MD5180bfec1229d489a34dcfad8d8e88954
SHA109afe3f9b358f81d7ad5cff26e27a5fd9b8c6e5e
SHA256db3d3d4c14d34819820ebec884c703fe2cb31adfa181aaedade025f91ed55119
SHA5126ff54f0e51a0a8e3189792b1ac4af406e5e220a423acdef7ed5d76a12aaf1c96dc86d3fbfdd96e70b9a8aae470318c9ebdb4a0436d470a769e29379a03fc2051
-
Filesize
846KB
MD513d2cd4807ddf8f8d4355eb4b0bd9e6b
SHA1cffb4a9b9ee56fec86f7f5c6c7f3641138a3954e
SHA25627cd3aef24a6eafcd0720f5fc24d706a5493d3aea40869c89598cc580861ed23
SHA5123b7ec8135a2ddee28c45a1b170121bc598e4bd686dc60871cec9078afa12ab995c1f9cebb628050dbe27b20b06b659e7017be57d30e3679a9db9704a694ae342