Resubmissions
13/06/2024, 02:18  240613-crrxrsvcjl  1
13/06/2024, 02:16  240613-cqmlna1cmf  4
13/06/2024, 02:16  240613-cqjvrsvbpq  1
13/06/2024, 02:16  240613-cqeaaavbpj  1
13/06/2024, 02:16  240613-cqa8mavbnn  4
13/06/2024, 02:16  240613-cp76zavbnk  1
13/06/2024, 02:16  240613-cp4hsavbmn  1
13/06/2024, 02:15  240613-cpzjtsvblq  1

Analysis
max time kernel: 1765s
max time network: 1685s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 02:11
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win10v2004-20240611-en

General
Target: http://google.com

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
4740  msedge.exe
4740  msedge.exe
5028  msedge.exe
5028  msedge.exe
3952  identity_helper.exe
3952  identity_helper.exe
3376  msedge.exe
3376  msedge.exe
3376  msedge.exe
3376  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid   Process
5028  msedge.exe  (all 7 entries identical)
Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
5028  msedge.exe  (all 25 entries identical)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
5028  msedge.exe  (all 24 entries identical)
Suspicious use of WriteProcessMemory (64 IoCs)
description                           pid   Process     procid_target
PID 5028 wrote to memory of 5052      5028  msedge.exe  81   (2 entries)
PID 5028 wrote to memory of 1412      5028  msedge.exe  82   (entry repeated)
PID 5028 wrote to memory of 4740      5028  msedge.exe  83   (2 entries)
PID 5028 wrote to memory of 1344      5028  msedge.exe  84   (entry repeated)
All 64 entries originate from PID 5028 (msedge.exe); only the four distinct target PIDs above appear.
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
  PID: 5028
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa405846f8,0x7ffa40584708,0x7ffa40584718
      PID: 5052

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4660859473535154191,1600993891356962557,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
      PID: 1412

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,4660859473535154191,1600993891356962557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
      PID: 4740
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,4660859473535154191,1600993891356962557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
      PID: 1344

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4660859473535154191,1600993891356962557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      PID: 4616

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4660859473535154191,1600993891356962557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      PID: 2948

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4660859473535154191,1600993891356962557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
      PID: 3724

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4660859473535154191,1600993891356962557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
      PID: 3952
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4660859473535154191,1600993891356962557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
      PID: 2252

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4660859473535154191,1600993891356962557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
      PID: 2772

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4660859473535154191,1600993891356962557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
      PID: 2960

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4660859473535154191,1600993891356962557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
      PID: 4152

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4660859473535154191,1600993891356962557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
      PID: 1184

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4660859473535154191,1600993891356962557,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2616 /prefetch:2
      PID: 3376
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1364

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 624
Network
MITRE ATT&CK Enterprise v15
Downloads