Analysis
- max time kernel: 10s
- max time network: 10s
- platform: windows11-21h2_x64
- resource: win11-20240802-en
- resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 12-08-2024 14:57
- Static task: static1
- URLScan task: urlscan1
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (process, description, ioc):
- msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
Suspicious behavior: EnumeratesProcesses (4 IoCs)
Processes (pid, process):
- 3272 msedge.exe
- 3272 msedge.exe
- 332 msedge.exe
- 332 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
Processes (pid, process): 6 entries, all 332 msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (pid, process): 25 entries, all 332 msedge.exe
Suspicious use of SendNotifyMessage (12 IoCs)
Processes (pid, process): 12 entries, all 332 msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description, pid, process, target process): 64 entries, each of the form "PID 332 wrote to memory of <target>", source 332 msedge.exe, target process msedge.exe; the target PIDs recorded are 5064, 2760, 3272 and 1524.
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/app/3103760/Animals/
  PID: 332
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffced0a3cb8,0x7ffced0a3cc8,0x7ffced0a3cd8
    PID: 5064
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,9322482027966117742,17108602287613841932,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
    PID: 2760
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,9322482027966117742,17108602287613841932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    PID: 3272
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,9322482027966117742,17108602287613841932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
    PID: 1524
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9322482027966117742,17108602287613841932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    PID: 2044
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9322482027966117742,17108602287613841932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    PID: 3644
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9322482027966117742,17108602287613841932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
    PID: 4388
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9322482027966117742,17108602287613841932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
    PID: 1464
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9322482027966117742,17108602287613841932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    PID: 3436
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9322482027966117742,17108602287613841932,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    PID: 3660
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3648
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2904
Network
MITRE ATT&CK Enterprise v15
Downloads