Analysis

max time kernel: 480s
max time network: 485s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/08/2024, 01:50

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win10v2004-20240802-en

General

Target: http://google.com
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              events
  3592  msedge.exe           2
  4136  msedge.exe           2
  2012  identity_helper.exe  2
  4200  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   Process     events
  4136  msedge.exe  7

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     events
  4136  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     events
  4136  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target  events
  PID 4136 wrote to memory of 1668  4136  msedge.exe  81             2
  PID 4136 wrote to memory of 4444  4136  msedge.exe  83             repeated
  PID 4136 wrote to memory of 3592  4136  msedge.exe  84             2
  PID 4136 wrote to memory of 944   4136  msedge.exe  85             repeated
  (the 4444 and 944 rows together account for the remaining 60 of the 64 events)
Processes

msedge.exe (PID 4136)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  msedge.exe (PID 1668), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd140046f8,0x7ffd14004708,0x7ffd14004718

  msedge.exe (PID 4444), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,6506755939389545668,14779831580784559506,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2

  msedge.exe (PID 3592), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,6506755939389545668,14779831580784559506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 944), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,6506755939389545668,14779831580784559506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

  msedge.exe (PID 2216), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6506755939389545668,14779831580784559506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

  msedge.exe (PID 884), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6506755939389545668,14779831580784559506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  msedge.exe (PID 3172), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6506755939389545668,14779831580784559506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

  identity_helper.exe (PID 5040), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,6506755939389545668,14779831580784559506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8

  identity_helper.exe (PID 2012), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,6506755939389545668,14779831580784559506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2008), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6506755939389545668,14779831580784559506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

  msedge.exe (PID 2880), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6506755939389545668,14779831580784559506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

  msedge.exe (PID 1124), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6506755939389545668,14779831580784559506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

  msedge.exe (PID 4500), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6506755939389545668,14779831580784559506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

  msedge.exe (PID 4200), child of 4136
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,6506755939389545668,14779831580784559506,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3048 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 4692)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 1888)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads