Analysis
max time kernel: 597s
max time network: 484s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 02/08/2024, 21:08
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://google.com
Resource: win11-20240802-en
General
Target: https://google.com
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid   Process
  3632  msedge.exe           (2 entries)
  1232  msedge.exe           (2 entries)
  816   msedge.exe           (2 entries)
  4668  identity_helper.exe  (2 entries)
  1104  msedge.exe           (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process
  1232  msedge.exe  (all 7 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  1232  msedge.exe  (all 25 entries)

Suspicious use of SendNotifyMessage (12 IoCs)
  pid   Process
  1232  msedge.exe  (all 12 entries)

Suspicious use of WriteProcessMemory (64 IoCs; distinct rows shown, each repeated in the report)
  description                       pid   Process     procid_target
  PID 1232 wrote to memory of 4552  1232  msedge.exe  81
  PID 1232 wrote to memory of 3944  1232  msedge.exe  83
  PID 1232 wrote to memory of 3632  1232  msedge.exe  84
  PID 1232 wrote to memory of 3836  1232  msedge.exe  85
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
  PID: 1232
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff965663cb8,0x7ff965663cc8,0x7ff965663cd8
    PID: 4552

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,18165921334514032939,17049708320420499209,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
    PID: 3944

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,18165921334514032939,17049708320420499209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
    PID: 3632
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,18165921334514032939,17049708320420499209,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
    PID: 3836

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18165921334514032939,17049708320420499209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    PID: 4924

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18165921334514032939,17049708320420499209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    PID: 2660

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18165921334514032939,17049708320420499209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
    PID: 756

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18165921334514032939,17049708320420499209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
    PID: 4264

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18165921334514032939,17049708320420499209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
    PID: 2212

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18165921334514032939,17049708320420499209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
    PID: 3704

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18165921334514032939,17049708320420499209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
    PID: 2936

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,18165921334514032939,17049708320420499209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
    PID: 816
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,18165921334514032939,17049708320420499209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
    PID: 4668
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,18165921334514032939,17049708320420499209,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2556 /prefetch:2
    PID: 1104
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3232

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2676
Network
MITRE ATT&CK Enterprise v15
Downloads