Analysis
max time kernel: 1794s
max time network: 1686s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/08/2024, 02:03
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win10v2004-20240802-en
General
Target: http://google.com
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process | entries
1016 | msedge.exe | 2
4472 | msedge.exe | 2
1096 | identity_helper.exe | 2
4400 | msedge.exe | 4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid | Process | entries
4472 | msedge.exe | 7
Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process | entries
4472 | msedge.exe | 25
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | entries
4472 | msedge.exe | 24
Suspicious use of WriteProcessMemory (64 IoCs)
Every entry is a write by PID 4472 (msedge.exe) into one of its level-2 child processes; the report lists one row per write, grouped here by target:
description | pid | Process | procid_target
PID 4472 wrote to memory of 3656 | 4472 | msedge.exe | 80 (2 entries)
PID 4472 wrote to memory of 4540 | 4472 | msedge.exe | 82 (repeated)
PID 4472 wrote to memory of 1016 | 4472 | msedge.exe | 83 (2 entries)
PID 4472 wrote to memory of 1624 | 4472 | msedge.exe | 84 (repeated)
The writes to 4540 and 1624 make up the remaining 60 of the 64 entries.
Processes
(level 1 = top-level process, level 2 = child of the preceding level-1 process)

Level 1: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
Signatures:
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 4472

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab98846f8,0x7ffab9884708,0x7ffab9884718
PID: 3656

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,10026498522995954651,2807628898711397869,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
PID: 4540

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,10026498522995954651,2807628898711397869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
Signatures:
- Suspicious behavior: EnumeratesProcesses
PID: 1016

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,10026498522995954651,2807628898711397869,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
PID: 1624

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10026498522995954651,2807628898711397869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
PID: 380

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10026498522995954651,2807628898711397869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
PID: 2360

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10026498522995954651,2807628898711397869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
PID: 1940

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10026498522995954651,2807628898711397869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
PID: 4988

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10026498522995954651,2807628898711397869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
PID: 2468

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,10026498522995954651,2807628898711397869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
PID: 984

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,10026498522995954651,2807628898711397869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
Signatures:
- Suspicious behavior: EnumeratesProcesses
PID: 1096

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10026498522995954651,2807628898711397869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
PID: 4280

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,10026498522995954651,2807628898711397869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
PID: 2900

Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,10026498522995954651,2807628898711397869,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2364 /prefetch:2
Signatures:
- Suspicious behavior: EnumeratesProcesses
PID: 4400

Level 1: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 376

Level 1: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4288
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: ff63763eedb406987ced076e36ec9acf
SHA1: 16365aa97cd1a115412f8ae436d5d4e9be5f7b5d
SHA256: 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
SHA512: ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Filesize: 152B
MD5: 2783c40400a8912a79cfd383da731086
SHA1: 001a131fe399c30973089e18358818090ca81789
SHA256: 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
SHA512: b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Filesize: 209KB
MD5: 3e552d017d45f8fd93b94cfc86f842f2
SHA1: dbeebe83854328e2575ff67259e3fb6704b17a47
SHA256: 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512: e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 144B
MD5: 43db74f5ae1bfc9232ed51530f1b7b23
SHA1: 86e7ba841a5d89a869b8d55013361fddfce6244c
SHA256: ac31522010280d5a0156bd7e83a69d249745a4486e518588b918baeadfa2253d
SHA512: b7ea691c5a7909283290bde350119fb561cacc5c3facf6044a56bb5595c5fe0d3433503f47a98b6ad8a155361fb5365252c5cae1d72ff2a7803a6b01addf9d89

Filesize: 815B
MD5: 59f987cf1f039ffa3e2caefe5ac39f24
SHA1: 450be9db7852e86ec6c4855f5b2b4bf88b76d0ab
SHA256: d17f87d40c660c952e73bc19797801c590832f5e85118e5c4f8d5633d5ca2ed3
SHA512: 64ae53876d9f5d38a90f82a82c09113cc1e3b9fa84217b701bc3d20b6b86f4a087649097d861687f0e3d97446781056931ff52c1f2e345247d519f5fe8cfbaac

Filesize: 6KB
MD5: cbaa75e1efdbdf1fb2f87cbd292e481a
SHA1: 1d38d321e8322ce41ee4ed24ac29b46fe5939178
SHA256: 733f4dec5548b61cfc4016a2b3730246be3ba6d53a5c02805b2fa2a9f6e7d701
SHA512: a9ffa8168b1e9495f5865946bbfdbf492eafd789ae2d687ff185321abf6377a21f56f9c3197883cc0ac5aaaced609a0ef0db8b67b572a97523806d3d5d2b55eb

Filesize: 6KB
MD5: d849f0f1a099a6161ace0ebaccdf08bb
SHA1: 85ba2f0e3b2e4099cd6d2eb1af17ba55bb47ca7a
SHA256: bd391841724b205ccd643ea56e7043525a7458ddd52c639f6992d7d799fdf45b
SHA512: 3befe694b42203657c176bb0dc728c09e45cac3c31a15a3eecfd950a38d33fbeca40fc4cd8e33147ab17a774e13605f0d3529f662ade4627d9f41e6f2f88a52e

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 10KB
MD5: b077b68964d97b98e11a818666f844dc
SHA1: 5aa945643ad7117426ed4e51f53fd941b19a5d5e
SHA256: 7e2281e6aa0404aa483285d3042dafaa385f0aacd6b737e98b2db873263132c6
SHA512: 0260ed85143a52bd3725e772e84f3606159208980303b862aa80b7a87d9fdafdcbf06ac0d047a08fcee2dcfa4d796fb01d06a12094be183bebad505eb6aad6f7