hxxps://getintopcc[.]pro/

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getintopcc.pro/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
224	msedge.exe
224	msedge.exe
3952	identity_helper.exe
3952	identity_helper.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe
3944	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 1292	224	msedge.exe	82
PID 224 wrote to memory of 1292	224	msedge.exe	82
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 1052	224	msedge.exe	84
PID 224 wrote to memory of 4444	224	msedge.exe	85
PID 224 wrote to memory of 4444	224	msedge.exe	85
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86
PID 224 wrote to memory of 3660	224	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getintopcc.pro/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfd7b46f8,0x7ffcfd7b4708,0x7ffcfd7b4718
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,12489127807637557106,10054607808723904606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,12489127807637557106,10054607808723904606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,12489127807637557106,10054607808723904606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12489127807637557106,10054607808723904606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12489127807637557106,10054607808723904606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,12489127807637557106,10054607808723904606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,12489127807637557106,10054607808723904606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12489127807637557106,10054607808723904606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12489127807637557106,10054607808723904606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12489127807637557106,10054607808723904606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,12489127807637557106,10054607808723904606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,12489127807637557106,10054607808723904606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
67a547f25fc6e2122cc7aab308b2d205

SHA1
57136421682d480930ad75a74a879c5ab0e2681a

SHA256
ce2da860ea8cd06b3cd8d605c788f62222e785fcf47dbdb997914794d2312e91

SHA512
d99fa6c4c9366c4f8751ba1279d4afc157f5ede8b69a13cf5051ddbbf2e0d09a739ab88537eb129e2d8a318b109f6d26150fa442315db762d362f49412089851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a6ab1debf3a136076f661421714d1d15

SHA1
80dd18bbd01344558efc0401db4e8d98ec80d2d1

SHA256
f320d4dffd1c098ac5c19791c33a3e5a64be59e3b7593559a0c226cb0f427017

SHA512
6dd4431e664d37de820b0c0c52014445e1a9cbb176ddea23d8b0a1b66b73ae77a9b13f71cc08e3482c0aa962211db1285cab6d8f20e5c053256f127e16620407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8125fc018998a9f3b29b4bb578191df

SHA1
4a79b93233406b53eca0ac1c649ae02550a90ed7

SHA256
e677fe2aa0431c4d4ac2c3bd565d7220f58cb176e37aede5180359dc3775930e

SHA512
7bb6937133a08b3b47668e04445affca98442a4dd67fb2967d17a692f7aecce738f6ea29376af116959575eb9ae3a0109c748824de9a5f763f533dd2aff511c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2152736714205fe606d6db8ebc3e9d50

SHA1
d93b75dc858998b392b2e0d6ca5271f1f9db2024

SHA256
ca5161be9ec2002166fdf1ce57aab378afc4b851b0f39315413424a0b3c3ab5c

SHA512
8e6306ac0488f41d6326af6971da0062f177fda4dc9f868762b91e9f9e6b2639675f3fcd54c6333e22a0d5fdaecc08814857be210678249f1d22f02abf9e68fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
92532abee9e5d61f3fc61eb680aa07ba

SHA1
3b64a2a6132a4a370d2536300b3c95e02912fc75

SHA256
0ec9e7a606e4300b3b09dd441a77fdf4391411cded9d6ee41f26bd6c195ef77c

SHA512
af8ed03ca81c34d0c3869e6fc74a7ddddfecf30dfa05e86489206663be098abe0de336d8f6217d862fe304bd036f8a3b8bb12c746aa417e8276f2ef41b17eb28

Download Submit