Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 07:44
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://dialpad.com/?utm/source=product/dp&utm/medium=email&utm/term=footer-dialpad-link&utm/campaign=dp-product-emails
Resource: win10v2004-20240508-en

General
Target: https://dialpad.com/?utm/source=product/dp&utm/medium=email&utm/term=footer-dialpad-link&utm/campaign=dp-product-emails
Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 3528 msedge.exe
  PID 3528 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2164 identity_helper.exe
  PID 2164 identity_helper.exe
  PID 2324 msedge.exe
  PID 2324 msedge.exe
  PID 2324 msedge.exe
  PID 2324 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
  PID 2996 msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description pid Process procid_target PID 2996 wrote to memory of 4608 2996 msedge.exe 84 PID 2996 wrote to memory of 4608 2996 msedge.exe 84 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 
msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 1676 2996 msedge.exe 85 PID 2996 wrote to memory of 3528 2996 msedge.exe 86 PID 2996 wrote to memory of 3528 2996 msedge.exe 86 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87 PID 2996 wrote to memory of 4628 2996 msedge.exe 87
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dialpad.com/?utm/source=product/dp&utm/medium=email&utm/term=footer-dialpad-link&utm/campaign=dp-product-emails
  PID: 2996
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa12ce46f8,0x7ffa12ce4708,0x7ffa12ce4718
      PID: 4608

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
      PID: 1676

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
      PID: 3528
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
      PID: 4628

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
      PID: 4300

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
      PID: 1828

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
      PID: 4148

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
      PID: 5936

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
      PID: 2164
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
      PID: 1944

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
      PID: 2016

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
      PID: 1516

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
      PID: 4312

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2860 /prefetch:2
      PID: 2324
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 820

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4092
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB