Analysis
max time kernel: 145s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-06-2024 16:15
URLScan task: urlscan1
Behavioral task: behavioral1
Sample
https://app.customerthermometer.com/?template=log_feedback&hash=faa23074&embed_data=dGVtcGVyYXR1cmVfaWQ9MSZ0aGVybW9tZXRlcl9pZD02NDIzNw==&[email protected]&f=&l=&c=&c1=Haseeb&c2=Taj&[email protected]&c4=%0A%20RE:%20%20SmartSearch%20International%20Report%20%E2%80%93%20NOV%20Inc.%20[BEALE-BEALE.FID65308]&c5=&c6=&c7=&c8=&c9=&c10=
Resource: win10v2004-20240611-en
General
Target
https://app.customerthermometer.com/?template=log_feedback&hash=faa23074&embed_data=dGVtcGVyYXR1cmVfaWQ9MSZ0aGVybW9tZXRlcl9pZD02NDIzNw==&[email protected]&f=&l=&c=&c1=Haseeb&c2=Taj&[email protected]&c4=%0A%20RE:%20%20SmartSearch%20International%20Report%20%E2%80%93%20NOV%20Inc.%20[BEALE-BEALE.FID65308]&c5=&c6=&c7=&c8=&c9=&c10=
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                   Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid   Process
228   msedge.exe (×2)
2376  msedge.exe (×2)
4704  identity_helper.exe (×2)
4408  msedge.exe (×4)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid   Process
2376  msedge.exe (×6)
Suspicious use of FindShellTrayWindow 25 IoCs
pid   Process
2376  msedge.exe (×25)
Suspicious use of SendNotifyMessage 24 IoCs
pid   Process
2376  msedge.exe (×24)
Suspicious use of WriteProcessMemory 64 IoCs
description                       pid   Process     procid_target
PID 2376 wrote to memory of 1652  2376  msedge.exe  82
PID 2376 wrote to memory of 220   2376  msedge.exe  83
PID 2376 wrote to memory of 228   2376  msedge.exe  84
PID 2376 wrote to memory of 3528  2376  msedge.exe  85
(64 entries in total, shown here as distinct rows)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.customerthermometer.com/?template=log_feedback&hash=faa23074&embed_data=dGVtcGVyYXR1cmVfaWQ9MSZ0aGVybW9tZXRlcl9pZD02NDIzNw==&[email protected]&f=&l=&c=&c1=Haseeb&c2=Taj&[email protected]&c4=%0A%20RE:%20%20SmartSearch%20International%20Report%20%E2%80%93%20NOV%20Inc.%20[BEALE-BEALE.FID65308]&c5=&c6=&c7=&c8=&c9=&c10=
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2376
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7e8c46f8,0x7ffa7e8c4708,0x7ffa7e8c4718
      PID:1652
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,3833617688448996974,11461494249146540136,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
      PID:220
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,3833617688448996974,11461494249146540136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID:228
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,3833617688448996974,11461494249146540136,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
      PID:3528
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3833617688448996974,11461494249146540136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
      PID:2324
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3833617688448996974,11461494249146540136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
      PID:4040
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,3833617688448996974,11461494249146540136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
      PID:440
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,3833617688448996974,11461494249146540136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID:4704
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3833617688448996974,11461494249146540136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
      PID:2856
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3833617688448996974,11461494249146540136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
      PID:3300
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3833617688448996974,11461494249146540136,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
      PID:4784
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3833617688448996974,11461494249146540136,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
      PID:3336
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,3833617688448996974,11461494249146540136,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2768 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID:4408
C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:4600
C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:2504
Network
MITRE ATT&CK Enterprise v15
Downloads