Analysis
max time kernel: 1693s
max time network: 1685s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/08/2024, 09:45
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://google.com
Resource: win10v2004-20240802-en
General
Target: https://google.com
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
2064  msedge.exe
2064  msedge.exe
2616  msedge.exe
2616  msedge.exe
3368  identity_helper.exe
3368  identity_helper.exe
1960  msedge.exe
1960  msedge.exe
1960  msedge.exe
1960  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid   Process
2616  msedge.exe  (7 entries, all from the same process)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
2616  msedge.exe  (25 entries, all from the same process)

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
2616  msedge.exe  (24 entries, all from the same process)

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid   Process     procid_target
PID 2616 wrote to memory of 2852   2616  msedge.exe  83
PID 2616 wrote to memory of 2820   2616  msedge.exe  84
PID 2616 wrote to memory of 2064   2616  msedge.exe  85
PID 2616 wrote to memory of 3888   2616  msedge.exe  86
(distinct rows only; the report repeats each row once per write, 64 entries in total, with most writes going to PIDs 2820 and 3888)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2616)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2852, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b8ed46f8,0x7ff9b8ed4708,0x7ff9b8ed4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2820, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16927521575030157427,11903586742347649544,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2064, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16927521575030157427,11903586742347649544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3888, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16927521575030157427,11903586742347649544,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4732, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16927521575030157427,11903586742347649544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1876, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16927521575030157427,11903586742347649544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3664, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16927521575030157427,11903586742347649544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 2516, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16927521575030157427,11903586742347649544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 3368, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16927521575030157427,11903586742347649544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1652, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16927521575030157427,11903586742347649544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 460, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16927521575030157427,11903586742347649544,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2180, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16927521575030157427,11903586742347649544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2560, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16927521575030157427,11903586742347649544,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1960, child of 2616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16927521575030157427,11903586742347649544,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2468 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 4440)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 4468)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 53bc70ecb115bdbabe67620c416fe9b3
SHA1: af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256: b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512: cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Filesize: 152B
MD5: e765f3d75e6b0e4a7119c8b14d47d8da
SHA1: cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256: 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512: a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Filesize: 209KB
MD5: 3e552d017d45f8fd93b94cfc86f842f2
SHA1: dbeebe83854328e2575ff67259e3fb6704b17a47
SHA256: 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512: e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 120B
MD5: 47981c3493690659da76a60a25ae64da
SHA1: 6e415c886bc31a13cc8215c6d8cc6fbd0ae85452
SHA256: 17d2b024d29baf4968b9ce446fa0a1d091a407ccbfd03db88beacab6622f01b1
SHA512: 028f3e84016dbf2ee9baadbd7d7b19f42d66bf35a63c56d5055f2209503b0696dec71c0de19a72590b12dbe6e5e9b37fd5cdb399d58c75206d3d25c3fbb22c20

Filesize: 1003B
MD5: 04bd4d85db4eb5f1fac826e677cd96b6
SHA1: b4e176dd75a50bd489c88ce09d6036d87b005dbc
SHA256: e8d0463c38513f713f1c02db2143122e9e5cad0af6515a6756f210cba6304473
SHA512: 1a359aa5c42e49658331dff6103fa5e6f62d26f9e48575aa19519182effda47cae12e15b29f30d3e6bcb5ead20b2a04fdf1b0ff1ed6b9ac39b8fecc640799a7a

Filesize: 6KB
MD5: 177adb3574ce83c0e3151d479315a828
SHA1: cc39458b86fd72fde94f657f083480b7c6b85eb6
SHA256: 1575f550ef1b1927d3bac7967124bbf6926387acefde723e7f2b5f8edfa74b27
SHA512: 932f99c7d7d9e946a55c0b25fba9cbd6bc7cfdf89c5459152216144a906f2e03af2ccd744d7a8c1812eb62cbd11c2feaa54b4f55bbbf29a961961eaa3b437c94

Filesize: 6KB
MD5: d23b1dfd6c7f3035de26d108a56e6c72
SHA1: 1d9bcec4637cf0e1e1901494875c2b0ac2689668
SHA256: bcd60b70871310b6e39f11f7eb6b3a666d5c7b66c7eb537bf2fe46ca27eee1cc
SHA512: f007a4476412a2c4acfd04a5d373d68c2489ec55c4508f2236c9e41957f0a284c0544f74e5f8a22362c12f7f127b491cb32e42ab1c5574e7fc5e777e293da3ef

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: fca866709adf7264a6c6efc0effa782b
SHA1: 958799af90f73bd3afba7aae5fedaa0eabddf627
SHA256: 6432fcaa9b0494085faf7554416a179b83a7403e2e55b61a813a8cbdf1500774
SHA512: 89d09a69045f217288d0de324cad5ecf5d1d4c4cf02b8c6950e898245225901dd7c5eaa7ac42dc2edac5c0449773c05e9c51fbb16a4ebd2b17ff6b9eaf70556d