Analysis

max time kernel: 1s
max time network: 13s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/05/2024, 12:13
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.123greetings.com/events/sunscreen_day/?utm_source=emay_sunscreenday_email
Resource: win10v2004-20240508-en
General

Target: https://www.123greetings.com/events/sunscreen_day/?utm_source=emay_sunscreenday_email
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)

description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)

pid | Process
3960 | msedge.exe
3960 | msedge.exe
632 | msedge.exe
632 | msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)

pid | Process
632 | msedge.exe
632 | msedge.exe

Suspicious use of FindShellTrayWindow (25 IoCs)

pid | Process
632 | msedge.exe (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)

pid | Process
632 | msedge.exe (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)

description | pid | Process | procid_target
PID 632 wrote to memory of 4528 | 632 | msedge.exe | 83 (2 entries)
PID 632 wrote to memory of 3688 | 632 | msedge.exe | 84 (40 entries)
PID 632 wrote to memory of 3960 | 632 | msedge.exe | 85 (2 entries)
PID 632 wrote to memory of 4004 | 632 | msedge.exe | 86 (20 entries)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 632)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.123greetings.com/events/sunscreen_day/?utm_source=emay_sunscreenday_email
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4528)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0a6a46f8,0x7fff0a6a4708,0x7fff0a6a4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3688)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15437700009343930126,2711662377783760879,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3960)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,15437700009343930126,2711662377783760879,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,15437700009343930126,2711662377783760879,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2652)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15437700009343930126,2711662377783760879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2244)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15437700009343930126,2711662377783760879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 428)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15437700009343930126,2711662377783760879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15437700009343930126,2711662377783760879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4700)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,15437700009343930126,2711662377783760879,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4924)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,15437700009343930126,2711662377783760879,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6480 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe (PID 3704)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4132)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\AUDIODG.EXE (PID 1528)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x418 0x304
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: a8e767fd33edd97d306efb6905f93252
SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Filesize: 152B
MD5: 439b5e04ca18c7fb02cf406e6eb24167
SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Filesize: 140KB
MD5: f6b22c76324ba65e715173ab3415eacf
SHA1: 083b2f492b27a0408ffc81dbe89fb306a2e68cbd
SHA256: 71b06b2887601583c791a2675a21d2aa8305d8456ecde4e292b4233edd7f7d30
SHA512: 3acc4caa5c75d6fc93b07b3bd3d4274a3ec85820c7a37754d0f1b210803541232c791cb6eb1fee96ffd08a8aa6dea2f890de7f946a8352582387f910caf309f3

Filesize: 64KB
MD5: d84862513956cbe61aeb4ebbfdd3355a
SHA1: 14ab269df17cb0333b1556ce120d587324479f6b
SHA256: a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5
SHA512: d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

Filesize: 19KB
MD5: 2b845c3bbfbcb4e28ffbd1838368decd
SHA1: 4414c101a651bbc06ab2d1eced6932338278e7fb
SHA256: addd85cdf92ff6c8fe37ab271bbaf49b204ebb8f0e0782ff412959c1e9ac57e4
SHA512: c6a374402b6b038387d385b81040d0d6ae83b2a503be91335b4b641e9eaecace2696871b7ac79af7e78e526212de77f128738cd47142c8ff1494a11bc3a4548d

Filesize: 31KB
MD5: 4bf8d317d5f71b2f96f427de8d9541cf
SHA1: bc56555e40ed0caea5836ab3b12ea5246918c062
SHA256: c91096817f292946f570d1f2bb1603c5427ce02b7fef1bff014107d45d997567
SHA512: 01c814a24f36e1d82a965f41b93ec5aa53c3787b648ec7afec88c01b47cd3e481c0e112b22e51ba88687adc06e5c24f9bd44e3bf854fabed9fed21996d3feea6

Filesize: 207B
MD5: 73c4e735c56be6e0f60f88ee504eec28
SHA1: 168d214ccc372d9a515f3d673fc2b0ddc16651ed
SHA256: c2d79e3395219bc9e6599870dbf3b2d32296b55c3dacb9f1735f5522d6762c94
SHA512: 6d3da0969ba25eeeaffcd52c128e597edc11a5e666b9549d7fabd59471e656d3e36390950a2fa2b3589cdc6fa16f5149827bf4ba63325f970ed497ec584f977b

Filesize: 212B
MD5: fe0583f34c2f93c8560a12e30096e047
SHA1: c8bcfe3681ff3522fae4834f4c0cfa9f6227d681
SHA256: ff89851c2b650d164d50366860fc1c15812753b1f6ffbfa674ded1030f7915f8
SHA512: 7bf133ad1d012a62626cbbab3c78b77cb4a39a0cba8b1d6951a0a430e3f2054a1b6e5b9ac0e3584c238d3c5979648bf92c9bdd4f8b543d3f60eebb8c1ab1c3d5

Filesize: 5KB
MD5: 6d593dbbf397815c3c23d84a4a6917a8
SHA1: 56d4446fde1e05deaa6233129cd0e089fb1bfc5f
SHA256: b99bc4724a31cbf816a9ad0a7d91d7c4addd23d2cfe57731032b47baa70bf124
SHA512: 179b953bcb8c413658987c4cd7719e2a3d69290deadeed2bc94b5931a0f5e5f7b185b28a482a63d36cd1ded321acfd15c551e2e8b1d863dc779179c947d8ab7f