hxxp://akdigital[.]shop

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://akdigital.shop

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
452	msedge.exe
452	msedge.exe
3600	identity_helper.exe
3600	identity_helper.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 1652	452	msedge.exe	82
PID 452 wrote to memory of 1652	452	msedge.exe	82
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 1668	452	msedge.exe	83
PID 452 wrote to memory of 3940	452	msedge.exe	84
PID 452 wrote to memory of 3940	452	msedge.exe	84
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85
PID 452 wrote to memory of 3988	452	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://akdigital.shop
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa993e46f8,0x7ffa993e4708,0x7ffa993e4718
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,808511551747701745,2268970638832733972,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,808511551747701745,2268970638832733972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,808511551747701745,2268970638832733972,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,808511551747701745,2268970638832733972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,808511551747701745,2268970638832733972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,808511551747701745,2268970638832733972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,808511551747701745,2268970638832733972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,808511551747701745,2268970638832733972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,808511551747701745,2268970638832733972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,808511551747701745,2268970638832733972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,808511551747701745,2268970638832733972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,808511551747701745,2268970638832733972,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,808511551747701745,2268970638832733972,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2a74e459920695e50e5615697d2db7b6

SHA1
10a0f15b2cbca6205360e423a16a417f24796b0a

SHA256
3ae965db154ff61954209a9736f14399fd8ea5b160e8de418f1b0c7fd3e9ae67

SHA512
e3f704d1edee6b421a9ec458794472631b556b5917fbde30e78eca9d2e2e69981dafd6b2223d561066c0f801903a274213f7ef534b1a9c34ceac67a534d8ed75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
577B

MD5
525addf71012d1d517678be078146916

SHA1
58bf4e42f684ce764e3b2f735969a4dbedbb2ed8

SHA256
1037ddc4784d29e96990f02d93645a66179c98e3eabff034d4ecc15a68c6deb1

SHA512
4cdb2cb39ee60ba9eb5eb1719392823666d5b978754315d9dd1a79b8d6f1b7e0f62c383523bdea18f02d82d070fd0dee520062423da2a8c82f90d002fdca3d92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ae3020f3fcf057c3e62a6ba41094424

SHA1
6a6fbf49a2328d63c1fc3bd3c8a9d8eac561c717

SHA256
b0f6e782f00685582dfb4f8ba780a39cc9f87d0c03f82bb54fdf0c1daf5e4cb1

SHA512
3bfb4f2525eabdb5f0e874af2b58b595fdcccfb324f3d5872e8665ca84d135b1cd607b702dac5c61300d9f8378dcab246374e2ff50162f6481a4de782851cb69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
927bc33239f0f332a9b15ae707f44020

SHA1
a657c17cc6d33ce8320d47f6952232126ba0d67e

SHA256
c260006514a04a5e190a229255024daff1cbb27af79f5735514181756618e418

SHA512
e83954d63dce20e97e9822aeff469f39a3aef65f073e1f0f4851e3a9cbea74c59d34f15fe248a9918c517389e3309338dd16b4651fdee8c8011d3cc049bc4618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8616e66ef5627f4bac5acb032abdc516

SHA1
fe2aa0c3d1b8ef523f9ce811d257669c4a9737b4

SHA256
1a4e303df562b7c416a4dcaf5679104cd1015eeda4f81f635f7ce297e78ae4e5

SHA512
1b0a164fde322bb638e895d2f7a97c760615f6c8fbaf61b32313e0f423c6e1b3a8226b861ee629a8ae05fa9bfd60937be47b1cf5bd6643453e5f539407967f27

Download Submit