Analysis

max time kernel: 48s
max time network: 51s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-08-2024 10:21
Static task: static1
URLScan task: urlscan1
General
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description       | ioc                                                                   | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid  | Process
2992 | msedge.exe
2992 | msedge.exe
4880 | msedge.exe
4880 | msedge.exe
2848 | identity_helper.exe
2848 | identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
pid  | Process
4880 | msedge.exe   (same row repeated 9 times)

Suspicious use of FindShellTrayWindow (28 IoCs)
pid  | Process
4880 | msedge.exe   (same row repeated 28 times)

Suspicious use of SendNotifyMessage (24 IoCs)
pid  | Process
4880 | msedge.exe   (same row repeated 24 times)

Suspicious use of WriteProcessMemory (64 IoCs)
description                      | pid  | Process    | procid_target
PID 4880 wrote to memory of 3832 | 4880 | msedge.exe | 84
PID 4880 wrote to memory of 4948 | 4880 | msedge.exe | 86
PID 4880 wrote to memory of 2992 | 4880 | msedge.exe | 87
PID 4880 wrote to memory of 628  | 4880 | msedge.exe | 88
(64 rows in total; identical rows collapsed above, the bulk of them being writes to 4948 and 628)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4880)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://data.lacounty.gov/projects/lacounty-hub::exclusive-free-v-bucks-codes-2024-start-your-adventure2024-urq
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3832)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6c7d46f8,0x7ffc6c7d4708,0x7ffc6c7d4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4948)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2992)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 628)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2976)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3128)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1008)
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2848)
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1008)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 224)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3136)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4472)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4568)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5024)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5204)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11467154201465255230,15967207793652739616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 1516)
    C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4544)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 9b008261dda31857d68792b46af6dd6d
SHA1: e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA256: 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA512: 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Filesize: 152B
MD5: 0446fcdd21b016db1f468971fb82a488
SHA1: 726b91562bb75f80981f381e3c69d7d832c87c9d
SHA256: 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA512: 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: c26a49c4ed20fa3f073b777e68cf50ba
SHA1: 986ae2737a7431cc287ec07a76768f5687bad083
SHA256: c3c7873e3e51c4d6f873016a54d227fad7f31b8f48704173032d038a8ed96813
SHA512: adc3704060f2d796958ce298c3c860f3e630379190a3657e86a4aae483743ff882747dd05a88339d940531cdd4ead41cb6e4417cd34e9dedce88c7cda3a2b6a6

Filesize: 2KB
MD5: 475e8bd89f8c7d4642ead6f86c1d3d90
SHA1: 04393f8f5cb12bf243be579fefbe5961ae58d1d2
SHA256: 1f35e9e2f21b1c85d7cd96d2c91b23d647d9c5d6ba2e4b1be4629c981fa30a8d
SHA512: 5e0b17e1183cde7503ae204e67e94ea1de0bfa698643f0be7747bd3a133ae5716221f414fabb5b69abffd400eced1615198fe9a756731c8e9bf62546719e4be7

Filesize: 6KB
MD5: f5202b2dfba7c744b1620c40519c4aa4
SHA1: 591d9bddea86695267c8a9cec43bd72181287ac8
SHA256: 313d06215dc915bee6100c0f69a7774f625c2f65b6c726827b441a346177f937
SHA512: 8b4af3d1b51262472fa62eef4fc90c3521dbd57f60bd8518ce0e0f88d85025152d71e9060e3c12ffcba3e148fd929173c4ef5ca1ad0ea7e928891cf8356a7779

Filesize: 7KB
MD5: f3d220c7b3155dec339082030026e548
SHA1: 09c4fda89d6e871250bbdc7e2f41c7a40fc6afe2
SHA256: 4008c0e3864262501520efe6df279473aa679d3af4532daa87068e197eaa7c0a
SHA512: b2565bdbd6828bfa775f041d0353eeddff0e4f7e751f613d5085d87ec3328913a1ab767bce5516093d124c51c5d336f2ee270facf9e44a102a0bcfd5653148c2

Filesize: 8KB
MD5: cdc46f41f59c2d370c1acd05c6f37325
SHA1: 93e10b3ff32f9b37890ba408cb2660e2fd0256f4
SHA256: 4ad3dc3bd7ee7c817f7b98af932486d579073fe6d91af857918525382991a347
SHA512: daf2e807bf8ee2ada1da3888e97cffdc4e4198ba93eb201d80ddf96d92ad1585b424b5ca45dbdf7cad40a87b3f7fa1f082d41a952292ba455d85fba36f1adb5e

Filesize: 7KB
MD5: 31dc1f8850d6e50725140682077167f0
SHA1: 8156ac0eb6151377aed2702fe14e551733fdae99
SHA256: 67d9d16a33675b409470f46ef128de660b47579ded1f11b5a262c4c61b2f09cc
SHA512: 4381806566956a66c3265be03d8e3009044b8301852932c5086767991f2eb482aaff3f5f877beb31d015a7e256253c045544377fd38023a5b413d9da1cf9dce2

Filesize: 1KB
MD5: 5fe3373e751b147da71e1ca219b915ff
SHA1: 4de4f1afb89d74ba42370b39f31ddf1f6e05bc30
SHA256: 5debd3aceb23fa6326a6507ea66d9b8e1bfceeedf9cae16accd45c1134d15627
SHA512: 32c34200269803c7977b2908f77cfe99f8dc0133fd32617716aaaf350a5e483e749c65aeb1073f67b098414e36a4251712fca4c0210c2a0d42fb9f039df1a88a

Filesize: 1KB
MD5: 68e920af6489e6fc06ba40aabbcb30a2
SHA1: f887021accecf89a01962c8353d4de6a2c597119
SHA256: 9f92aa9d98e2c8fcbcd5582c987624a5aff673c34a45d62e3c0dd10102f26a35
SHA512: ed8575ddb39364cdeb232eb6c19ee1a2a4ce46045a26a132ac1e03f40d9697c058ca774d24c0621ed6b85beb1d4dc06b0bc05606c4bd90730890192f5fe3e600

Filesize: 1KB
MD5: dddab8fa8821692c71c81082ecc1db63
SHA1: c0a0d7a138c7d7d50fdcc49f378e94380a8ed17f
SHA256: 7d843f60c78ebdd8023916992c72ea15226b64f2c82d5d255ff4eb871bf99ccf
SHA512: 6e908ed0a549e7f58483bfa89f00217206ffdb0078acf2949ad9a37e9c8dbfafd4435dcb75750bb978c18f4756131f8b0176db8d813ef612d449dd84565887fb

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: a562cecd8009e2c6b37344489b403b8d
SHA1: 2e7a64ce8433d9eceae3670833355e14fdf7ef38
SHA256: bedf7d6b7083c4b1a41ed8e729c3dd13b763c24f5cb974bc90c63db1b1b3829e
SHA512: 7e9e4d2ac5a259e578d6f75b86af2d3d27cb936fa5d506bdf6ba3020d876496e821c95c3e62d197a4203b91c5ab0f33a598468664a4dd730fab1fb71d209ab67

Filesize: 11KB
MD5: 067956e52d2962fa7bbf99797c96be19
SHA1: c560fd4a661526e76e5de9ac34e1697dd57d5c36
SHA256: f0bbc64e09e2c18493113c90d94502485a4d8ec792e4159a65c3251faadbba44
SHA512: afbea40fcbcdb4ce80995511c79fa6879370b2595a998591b980e2cb9f85b0dfd251689f24d6d22dd7d799ccba2fad5604aefc86ca0d299ea85036484751cda5