Analysis

max time kernel: 145s
max time network: 142s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 03/08/2024, 14:52
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://google.com
Resource: win11-20240802-en

General

Target: http://google.com

Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)

Suspicious behavior: EnumeratesProcesses (12 IoCs)
- PID 4680 msedge.exe (2 events)
- PID 5632 msedge.exe (2 events)
- PID 3316 identity_helper.exe (2 events)
- PID 3152 msedge.exe (2 events)
- PID 2744 msedge.exe (4 events)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
- PID 5632 msedge.exe (7 events)

Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 5632 msedge.exe (25 events)

Suspicious use of SendNotifyMessage (12 IoCs)
- PID 5632 msedge.exe (12 events)

Suspicious use of WriteProcessMemory (64 IoCs)
Columns: description, pid, Process, procid_target. The 64 events are repeated writes by the browser process into four of its child processes:
- PID 5632 wrote to memory of 5824 (pid 5632, msedge.exe, procid_target 80)
- PID 5632 wrote to memory of 2428 (pid 5632, msedge.exe, procid_target 81)
- PID 5632 wrote to memory of 4680 (pid 5632, msedge.exe, procid_target 82)
- PID 5632 wrote to memory of 5432 (pid 5632, msedge.exe, procid_target 83)
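Every WriteProcessMemory row above has the browser process (PID 5632) as the writer and one of its own newly created msedge.exe children as the target, which is how Chromium's sandbox broker hands policy data to a child before it starts running; the triage question is whether any write crosses the process tree instead. The script below is an added example and not part of the sandbox report: the four event rows and the parent/child table are transcribed from this page, the one synthetic injection row is marked as such and does not occur in the report, and the verdict labels are my own.

```python
import re

# Constructed sample: the four distinct rows of the report's "Suspicious use of
# WriteProcessMemory" signature. The report repeats them 64 times in total.
WRITE_EVENTS = """
PID 5632 wrote to memory of 5824 5632 msedge.exe 80
PID 5632 wrote to memory of 2428 5632 msedge.exe 81
PID 5632 wrote to memory of 4680 5632 msedge.exe 82
PID 5632 wrote to memory of 5432 5632 msedge.exe 83
""".strip().splitlines()

# Synthetic row, NOT in the report: the browser writing into an unrelated
# system process. Included only to show what a cross-process hit looks like.
SYNTHETIC_INJECTION = "PID 5632 wrote to memory of 5844 5632 msedge.exe 99"

# (pid, parent pid or None for a root, image name) taken from the report's
# process tree. Comments give the --type / --utility-sub-type of each child.
PROCESS_TREE = [
    (5632, None, "msedge.exe"),            # browser process
    (5824, 5632, "msedge.exe"),            # crashpad-handler
    (2428, 5632, "msedge.exe"),            # gpu-process
    (4680, 5632, "msedge.exe"),            # utility: network.mojom.NetworkService
    (5432, 5632, "msedge.exe"),            # utility: storage.mojom.StorageService
    (976,  5632, "msedge.exe"),            # renderer
    (5004, 5632, "msedge.exe"),            # renderer
    (3388, 5632, "msedge.exe"),            # renderer
    (5192, 5632, "msedge.exe"),            # renderer
    (3144, 5632, "msedge.exe"),            # renderer (--instant-process)
    (3316, 5632, "identity_helper.exe"),   # utility: winrt_app_id.mojom.WinrtAppIdService
    (3152, 5632, "msedge.exe"),            # utility: chrome.mojom.UtilWin
    (2040, 5632, "msedge.exe"),            # renderer
    (5224, 5632, "msedge.exe"),            # renderer (--instant-process)
    (2744, 5632, "msedge.exe"),            # second gpu-process (--disable-gpu-sandbox)
    (5844, None, "CompPkgSrv.exe"),
    (5880, None, "CompPkgSrv.exe"),
]

# Column order follows the signature table: description, pid, Process,
# procid_target. procid_target is the sandbox's own index for the target
# process, not a Windows PID.
ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_row(line):
    """Split one signature row into its fields."""
    m = ROW.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    writer, target, pid, image, procid_target = m.groups()
    if writer != pid:
        # The description and the pid column must name the same process.
        raise ValueError(f"writer {writer} != pid column {pid}: {line!r}")
    return {"writer": int(writer), "target": int(target),
            "image": image, "procid_target": int(procid_target)}


def classify(event, tree):
    """Verdict for one write, judged against the process tree.

    child-at-launch   : target is a direct child with the same image (normal
                        Chromium broker behaviour, as in this report)
    child-other-image : direct child, but a different executable
    cross-process     : target is not a child of the writer at all
    unknown-target    : target PID never appears in the tree
    """
    parent = {pid: ppid for pid, ppid, _ in tree}
    image = {pid: img for pid, _, img in tree}
    target = event["target"]
    if target not in parent:
        return "unknown-target"
    if parent[target] != event["writer"]:
        return "cross-process"
    if image[target] != event["image"]:
        return "child-other-image"
    return "child-at-launch"


def triage(lines, tree):
    """Map each distinct target PID to its verdict; repeated rows collapse."""
    return {ev["target"]: classify(ev, tree)
            for ev in (parse_row(line) for line in lines)}


if __name__ == "__main__":
    for pid, verdict in triage(WRITE_EVENTS + [SYNTHETIC_INJECTION], PROCESS_TREE).items():
        print(pid, verdict)
```

Run against the report's rows alone, every target comes back as child-at-launch; only the synthetic row is flagged cross-process. The same parent check is what separates this signature's routine browser-startup noise from an actual injection into a process the writer did not create.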
Processes

- PID 5632 (browser process)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 5824 (crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff36b13cb8,0x7fff36b13cc8,0x7fff36b13cd8
  - PID 2428 (gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,4090197439919360446,10339832771402626809,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  - PID 4680 (utility: network.mojom.NetworkService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,4090197439919360446,10339832771402626809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 5432 (utility: storage.mojom.StorageService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,4090197439919360446,10339832771402626809,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  - PID 976 (renderer, client id 6)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4090197439919360446,10339832771402626809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  - PID 5004 (renderer, client id 5)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4090197439919360446,10339832771402626809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - PID 3388 (renderer, client id 7)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4090197439919360446,10339832771402626809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  - PID 5192 (renderer, client id 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4090197439919360446,10339832771402626809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  - PID 3144 (renderer, instant process, client id 9)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4090197439919360446,10339832771402626809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  - PID 3316 (identity_helper.exe, utility: winrt_app_id.mojom.WinrtAppIdService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,4090197439919360446,10339832771402626809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3152 (utility: chrome.mojom.UtilWin)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,4090197439919360446,10339832771402626809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 2040 (renderer, client id 12)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4090197439919360446,10339832771402626809,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  - PID 5224 (renderer, instant process, client id 13)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4090197439919360446,10339832771402626809,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  - PID 2744 (second gpu-process, launched with --disable-gpu-sandbox and --use-gl=disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,4090197439919360446,10339832771402626809,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5512 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 5844
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 5880
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: 3e681bda746d695b173a54033103efa8
  SHA1: ae07be487e65914bb068174b99660fb8deb11a1d
  SHA256: fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2
  SHA512: 0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

- Filesize: 152B
  MD5: 9f081a02d8bbd5d800828ed8c769f5d9
  SHA1: 978d807096b7e7a4962a001b7bba6b2e77ce419a
  SHA256: a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e
  SHA512: 7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

- Filesize: 209KB
  MD5: 3e552d017d45f8fd93b94cfc86f842f2
  SHA1: dbeebe83854328e2575ff67259e3fb6704b17a47
  SHA256: 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
  SHA512: e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: a8307f4e45cbdeb7de7b94c4bc93c8a1
  SHA1: d54ac5fed7328a77bc20224588e6b62732c2048a
  SHA256: 049a851b051c99c38661da8d9059d5dd1442db84a8fcf9834d941ed57363b38b
  SHA512: 7717ec50ccb0133f8ba5fc342a5655ef0a18a36643591aa3048038ad085ee824d3226751a932565a15f1ec266b0feeccf34269c476a75067a5d711e0fb13516b

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: 76ed32bb55ebeea5127c22cf720ec53e
  SHA1: a58d4f495161b40dde27f14ea82610b0222b0ef9
  SHA256: d09221be950fab60584726a57be3c9dcf0027a2fe6e251b55a35ae66c6d2a581
  SHA512: 92812e0630be7e21ed014c5c4333ace00798e377757b4372b428973806474638c1290f148704d43cbe074ddac725aa94cef897741557e9829f8f4fe366699f39

- Filesize: 846B
  MD5: 4508f80220fff08e37ff6eed04654afa
  SHA1: 4cc004d9a94ce1c6f37b09db3e0ff090688c033e
  SHA256: 42f92766a61c8a2071eea041a3ba61e17084958979e3756c1b6d5ba13d17bb4f
  SHA512: 18dfefe9d7cd31282d3961a43eb0b253d7205a829c5faf0d1c9292c8ab98f778bff239f50083ee0df540c9199406ba24e98ebe74ede675ffa0810ec6b6af31b2

- Filesize: 5KB
  MD5: f5f7f77cefa0348830dfe55d5e669032
  SHA1: 6dc982cf04cb7351f804fc93ffdc3eddf3415ae1
  SHA256: 2e7378bc289eb317fc4deb06f06a6ea1f2d4607b144fe3c5fc78a017005658e2
  SHA512: 5503e24eacda739c4dab140a1bf6cc18d6063497449d0a6f54670be2a3497d65aceed4b6b7e14e9d44f620995ccb91aed7fd581d919ac06c20dc3213831f32cb

- Filesize: 6KB
  MD5: f048ad1e40d884acf953271db58e8643
  SHA1: 98308e42d2f8badace6868878977a6dbc85f8c1e
  SHA256: 488947236374d70b2215d6513a77881a6c55e00eb2b7c5e26e0e64ba8f0e9a14
  SHA512: cd510bbc1a3fbe678b6bd6a70b8dceb25412b1be757d5b1a5218ee33216c59d958a5e7fda680ce1ebe88aac927b2112570d68721d80e843f0b4a9ff7e6ed4c12

- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

- Filesize: 10KB
  MD5: d96886b3f36ffe7f2b4c609240d2888d
  SHA1: 389c37168e8c0cbdcea679a038b52dde1e594a48
  SHA256: 6cec48f094c960d125b51805d76ee7b15ed8e596fd7e33264a42924f01e1a3dc
  SHA512: 749a30f9b6a67867153e47e4d337da09c5597d25cdd6e0fc7a8c80e92028d45ca94d9031fdcf7c14feac7ddbc858844f537997f30f6f4765b5f29aa5d4bf9638

- Filesize: 11KB
  MD5: 95d265a99524675e9d219c0fc6b4e006
  SHA1: d4fef05f3f06d4ed799c1cc4cbe2f80deb5a9fe2
  SHA256: 196761e08fa6b873763c52099067ef05e6a277a356928a18921af0ee91baf7c5
  SHA512: 2098f27d5a032c6e29d26d0bb427b27347d259b22112bc06e360d517b47ab2d3f69a71cbfaac4c8b1d53908cb54dc11e8edb3aa15ebc6c9f3f2bff587afb4769