hxxp://www[.]google[.]com

Analysis

max time kernel
42s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
112	msedge.exe
112	msedge.exe
652	msedge.exe
652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
652	msedge.exe
652	msedge.exe
652	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 1864	652	msedge.exe	81
PID 652 wrote to memory of 1864	652	msedge.exe	81
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 4592	652	msedge.exe	82
PID 652 wrote to memory of 112	652	msedge.exe	83
PID 652 wrote to memory of 112	652	msedge.exe	83
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84
PID 652 wrote to memory of 5012	652	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae94e46f8,0x7ffae94e4708,0x7ffae94e4718
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,7472776871841387520,15580605009388839614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,7472776871841387520,15580605009388839614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,7472776871841387520,15580605009388839614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,7472776871841387520,15580605009388839614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,7472776871841387520,15580605009388839614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,7472776871841387520,15580605009388839614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
c5e3623312f8524832de60858c7e293d

SHA1
c33e3522b9a727dda8fcd8f59c410a14440b2a2b

SHA256
202e8a811c309dc44440bd411a78460673b2cca59cab412383459d172eb4e25c

SHA512
7f41da063abad10f750f5b5bfd5694aab5d60620c2892f4097f035bf0d50dd486d4f8c1ffcfb5aa1806dab23e05f227ed657a992fe7517b2865cc167a519ed96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
e7e54b83ca8b8dec701848843e04deef

SHA1
d52d7270ace3b787de65ff70eff30117289af265

SHA256
7ec72ffbc1c80dbf23a77d6e9eaf54a123e29cc156fb029051b3eececa2a3245

SHA512
8358a8b96913bfdc9cf4ef2b4d3e55ebe2d8c187c44471eae0d0238b71fd6b845eb5eb3b9ee4013d91c4f6638edf7a4c47a09a343f29974ffdf467e47ed01ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
170dbc759b32ea87e951116af8340f65

SHA1
5ba6b33f86371909b061377a6a3b6e6969868ceb

SHA256
0489cc04278fab28f46fae3a1e6565c62f1dc7b51cf7a8816ec9169815764f40

SHA512
87b82aef22e5c0b7ab08e1563de98a9f9491a3806bdd05c2ad0ee6d92061623c43874d16e706fe7c5c52b612ad67b9da11bd36829f3de766c15a4c4cf9d4ea72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c29e5ef3eb4e63735ef90c3a1f99c01

SHA1
89f18ad55cd10d40ec97d838fe8305f09c4d3ce5

SHA256
778ded242b4073d296763d3c302d400b56b6705c6cb7631c4cecac8283e36f99

SHA512
716f33580db574064c2f926b5cfa74b87aca9be2df03127ee16f8ea8f62722d196e4ecf000056722c6802402943ec1208169c06079179239a1b0cb3b9376968c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
836ff48ce320f6eb2aad6e84cc991473

SHA1
12a9b65e7269cf80fed433d9104159b6793ac352

SHA256
edf68eb449a5cc5cbdffa038c39a01c53bee66f0bbaa11b86f108dbbe327d334

SHA512
4f24508a94bb2cf1c0b7a75ba5ec8d3cad0f145c9510a0efe136572b69854913fe0528f430b1a0abce9d515dbf27a8aa90184d3e1d810a83224bfc8f110de22a

Download Submit