Analysis

| Field | Value |
|---|---|
| Max time kernel | 15s |
| Max time network | 13s |
| Platform | windows11-21h2_x64 |
| Resource | win11-20240802-en |
| Resource tags | arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system |
| Submitted | 09-08-2024 06:51 |
| Static task | static1 |
| URLScan task | urlscan1 |
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

Processes:

| Process | Description | IoC |
|---|---|---|
| msedge.exe | Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS |
| msedge.exe | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer |
| msedge.exe | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName |
Suspicious behavior: EnumeratesProcesses (8 IoCs)

Processes:

| PID | Process |
|---|---|
| 1228 | msedge.exe |
| 1228 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 4940 | identity_helper.exe |
| 4940 | identity_helper.exe |
| 1896 | msedge.exe |
| 1896 | msedge.exe |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)

Processes:

| PID | Process |
|---|---|
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
Suspicious use of FindShellTrayWindow (25 IoCs)

Processes:

| PID | Process |
|---|---|
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
Suspicious use of SendNotifyMessage (12 IoCs)

Processes:

| PID | Process |
|---|---|
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
| 3320 | msedge.exe |
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3320)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sc.link/5kjVD
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1980)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa49bd3cb8,0x7ffa49bd3cc8,0x7ffa49bd3cd8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4604)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,13496604983435294811,2283162050923810546,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1228)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,13496604983435294811,2283162050923810546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4576)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,13496604983435294811,2283162050923810546,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1476)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,13496604983435294811,2283162050923810546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3748)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,13496604983435294811,2283162050923810546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2392)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,13496604983435294811,2283162050923810546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 4940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,13496604983435294811,2283162050923810546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1896)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1956,13496604983435294811,2283162050923810546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1988)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,13496604983435294811,2283162050923810546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3192)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,13496604983435294811,2283162050923810546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 3388)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2860)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads