Analysis
max time kernel: 264s
max time network: 256s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 12:01
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://webhook.site
Resource: win10v2004-20240426-en

General
Target: http://webhook.site
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened:        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  (msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 3696  msedge.exe           (2 events)
  PID 4256  msedge.exe           (2 events)
  PID 3820  identity_helper.exe  (2 events)
  PID 3732  msedge.exe           (4 events)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  PID 4256  msedge.exe  (7 events)
Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 4256  msedge.exe  (25 events)
Suspicious use of SendNotifyMessage (24 IoCs)
  PID 4256  msedge.exe  (24 events)
Suspicious use of WriteProcessMemory (64 IoCs)
  Source process in every event: PID 4256 msedge.exe
  PID 4256 wrote to memory of PID 1592  (procid_target 84)  2 events
  PID 4256 wrote to memory of PID 3304  (procid_target 85)  repeated events
  PID 4256 wrote to memory of PID 3696  (procid_target 86)  2 events
  PID 4256 wrote to memory of PID 2220  (procid_target 87)  repeated events
  The 60 events not listed individually target PID 3304 (procid_target 85) and PID 2220 (procid_target 87).
Processes

PID 4256  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://webhook.site
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 1592  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf44a46f8,0x7ffaf44a4708,0x7ffaf44a4718

  PID 3304  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,3696990080816202161,12471490717189056825,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

  PID 3696  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,3696990080816202161,12471490717189056825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  PID 2220  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,3696990080816202161,12471490717189056825,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8

  PID 5008  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3696990080816202161,12471490717189056825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

  PID 3744  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3696990080816202161,12471490717189056825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  PID 2824  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3696990080816202161,12471490717189056825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

  PID 4900  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,3696990080816202161,12471490717189056825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8

  PID 3820  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,3696990080816202161,12471490717189056825,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 2292  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3696990080816202161,12471490717189056825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1

  PID 3812  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3696990080816202161,12471490717189056825,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

  PID 3972  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3696990080816202161,12471490717189056825,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

  PID 2320  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3696990080816202161,12471490717189056825,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

  PID 3732  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (child of 4256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,3696990080816202161,12471490717189056825,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5404 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

PID 3908  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2476  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5:    1ac52e2503cc26baee4322f02f5b8d9c
SHA1:   38e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Filesize: 152B
MD5:    b2a1398f937474c51a48b347387ee36a
SHA1:   922a8567f09e68a04233e84e5919043034635949
SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 192B
MD5:    adf175c5e69acf9351800435901b9460
SHA1:   8d402bd8c26c0386cca5945d9a144446a4f29264
SHA256: d1fb8a9d4874b9022ba3a03cac1120dada72bf7143a1c62d805f808d5a37fd1f
SHA512: 5b20ac70584506207b1955a04716503b02ab6c55057ca0dcbe7bad432207d99c19a0a8cc1a3f67e30274e5895eb95ac6d67be40108cd9f143695d3aefcbe059f

Filesize: 756B
MD5:    89830b53445f27bbdd72a315d40e5b3c
SHA1:   103374a8d673bf2d21bd15635ade2f9416066002
SHA256: 46db9e92d6d3d2950fa739795e59919bf1d8693e7a2dcb4f3697e70b536d4d8b
SHA512: 7e81ed7ab561f9ada6275752c38f6019dcf0e98a61678bab8b3a7a3a181e85841f0d927cdb3d90936bb4e9212754bf00bc745ed2f7edb01cef593e13ff79420c

Filesize: 111B
MD5:    285252a2f6327d41eab203dc2f402c67
SHA1:   acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 6KB
MD5:    502dec2f650b144cb038b41cbf574dfe
SHA1:   6762901755c297e07a97c2f3abc01e23b13b6ffc
SHA256: ad91f0bd773ac206bfdcc7c8a30edcd44c9264156d31eb9932363a4f345ee24c
SHA512: a1b41e01449fc9281369a3287ff1af76b88cda84e363eab19dad7de123e4956e96ef5ffb0ec1b1d6855ed7f55f21a2756315a9d3e9cedef93bef774845defc8b

Filesize: 6KB
MD5:    5b6267cada9a07c5606bb6ac0c151321
SHA1:   3fd36ee441405e2340c35a3c79c974f6ed075f5e
SHA256: 1e05068fc0649ef5e620e9b7d64d3ef43dd6dfc3a7f5a12daf74bd38372e92c8
SHA512: fa6ed8d53a7c9df014b61bc43c1f14920c3ad17baa20fedd312e6cb3bf8c96cd74abef85f97707f53eb7d056b05fe279e342e0452158bf6dc4f13e7abceda471

Filesize: 16B
MD5:    6752a1d65b201c13b62ea44016eb221f
SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5:    7727860410179e5aaae397dfc63da5ab
SHA1:   6e11a43cecb08659617aed99c19a7f92e5bf462d
SHA256: 7468949f1fe0c2637e984ce3d1cc2728ad58fa4918a657dfa0f088eb557265fd
SHA512: f1d733ba0eb812e447fbac655c4de5b969511afab7732d8267e5b1895c9812d954cd42a8ed911324c3fcb60f74c37cb3fd2beb63f79b1a81b8e7bdaa7190bfdc