hxxps://www[.]google[.]com/

Resubmissions

24/06/2024, 13:51

240624-q6bqzsyeqq 1

24/06/2024, 13:51

240624-q5199ayepr 1

24/06/2024, 13:49

240624-q4n9asvfle 1

24/06/2024, 13:12

240624-qfqgfsxdkp 8

Analysis

max time kernel
18s
max time network
19s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
24/06/2024, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
648	msedge.exe
648	msedge.exe
3424	msedge.exe
3424	msedge.exe
1872	msedge.exe
1872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 852	3424	msedge.exe	78
PID 3424 wrote to memory of 852	3424	msedge.exe	78
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 2332	3424	msedge.exe	79
PID 3424 wrote to memory of 648	3424	msedge.exe	80
PID 3424 wrote to memory of 648	3424	msedge.exe	80
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81
PID 3424 wrote to memory of 952	3424	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcfa663cb8,0x7ffcfa663cc8,0x7ffcfa663cd8
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4494389966071166134,4362056532812661978,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,4494389966071166134,4362056532812661978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,4494389966071166134,4362056532812661978,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4494389966071166134,4362056532812661978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4494389966071166134,4362056532812661978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4494389966071166134,4362056532812661978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4494389966071166134,4362056532812661978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,4494389966071166134,4362056532812661978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4494389966071166134,4362056532812661978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4494389966071166134,4362056532812661978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d56e8f308a28ac4183257a7950ab5c89

SHA1
044969c58cef041a073c2d132fa66ccc1ee553fe

SHA256
0bc24451c65457abc1e4e340be2f8faceae6b6ec7768a21d44bcd14636543bae

SHA512
fd5798559f4025ec3408f5550b8671d394b1ec83b85fdac8c005b0cc3e183272bdd07db15a156a572c9c5e5798badf235dc10aae62a052efa8dd9dfdbdca8189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f2eb94e31cadfb6eb07e6bbe61ef7ae

SHA1
3f42b0d5a90408689e7f7941f8db72a67d5a2eab

SHA256
d222c8e3b19cda2657629a486faf32962e016fc66561ce0d17010afdb283c9de

SHA512
9f7f84149885b851e0bf7173c540e466a2b2eb9907d8b608f60360933328cc75d9d1b63640ea4ecc1e64ecc5dd7ee74d82903f96a8b4418ca56296641a8c0703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
06612faa0b0e922a39f5611596b71edd

SHA1
04402f1fd894deb01d2bb4ef50076015ddae2249

SHA256
b86866112e40606578dcf7b612e9a0b69223a8f31667a14b204d8a76b059bd00

SHA512
c5ce67e0abf2c58743547102f37e448d17c0e02fd3b5345870eabee2b358676c02a0150a6306ef9f34df4a51cbb2d6afbb1e5a7375dca843d0816ee7309084b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
bd0eeaec85dd79a89d673939cca439db

SHA1
10985d81bd129ecfe6235fa9abd567626b26b526

SHA256
7594f2666b45012dbf18fa6c2941550ad8fe677346febd5930aad4a2c30994d7

SHA512
9b7daa576ca7c856051eb3da9166107336d2f5e713dadee1699f36e7989a68a211462df1353e963f7c34c024ba8cca4311f4f0e81c1a25dafb29d00a353f3af8

Download Submit