Analysis

max time kernel: 62s
max time network: 69s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-08-2024 12:50
Static task: static1
URLScan task: urlscan1
General
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid    Process
1536   msedge.exe (×2)
716    msedge.exe (×2)
3176   identity_helper.exe (×2)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
pid    Process
716    msedge.exe (×10)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process
716    msedge.exe (×25)

Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process
716    msedge.exe (×24)

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process      procid_target
PID 716 wrote to memory of 4900   716   msedge.exe   84
PID 716 wrote to memory of 1036   716   msedge.exe   85
PID 716 wrote to memory of 1536   716   msedge.exe   86
PID 716 wrote to memory of 4488   716   msedge.exe   87
The raw table repeats each of these rows; all 64 events originate from PID 716 (the Edge browser process) and target PIDs 4900, 1036, 1536 and 4488, which the process tree below lists as its own child processes.
Processes

PID 716  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fdc9a927.7e66a8669de9d783d8c95674.workers.dev/
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 4900  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc07546f8,0x7ffcc0754708,0x7ffcc0754718

  PID 1036  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

  PID 1536  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 4488  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

  PID 5076  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

  PID 2344  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

  PID 876  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

  PID 5108  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

  PID 1048  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8

  PID 3176  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  PID 2896  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

  PID 3796  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

  PID 3948  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1

  PID 1140  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

  PID 1068  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

  PID 1552  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6327449701087758394,2082437730213216141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

PID 3896  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1780  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
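The checks an analyst actually wants from a report like this are not on the page: every WriteProcessMemory target should be a child the writer itself spawned, every Edge helper should run from the Edge install directory with a known Chromium --type, and services started with --service-sandbox-type=none should be listed for review. The helper below is an added example written for this page (it is not part of the sandbox report or of the sandbox's own tooling). It parses excerpts of the WriteProcessMemory IoC table and the process list above; the parent PIDs come from the tree nesting, and the row for PID 9999 is a hypothetical, constructed entry whose only purpose is to show the install-path check failing.

```python
"""Triage helper for a browser-detonation sandbox report (added example).

Parses the flattened WriteProcessMemory IoC rows and the process list,
then checks each process and each memory-write against what a healthy
Chromium/Edge process tree looks like.
"""
import re
from collections import Counter
from typing import NamedTuple

# Excerpt of the "Suspicious use of WriteProcessMemory" table. The report
# repeats each row many times; parse_wpm collapses repeats into counts.
WPM_IOCS = """
PID 716 wrote to memory of 4900 716 msedge.exe 84
PID 716 wrote to memory of 4900 716 msedge.exe 84
PID 716 wrote to memory of 1036 716 msedge.exe 85
PID 716 wrote to memory of 1036 716 msedge.exe 85
PID 716 wrote to memory of 1536 716 msedge.exe 86
PID 716 wrote to memory of 4488 716 msedge.exe 87
PID 716 wrote to memory of 4488 716 msedge.exe 87
PID 716 wrote to memory of 4488 716 msedge.exe 87
"""

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application"

# Excerpt of the process list as (pid, parent pid, command line). Parent
# PIDs follow the tree nesting in the report; command lines are cut down
# to the flags the checks read.
PROCESSES = [
    (716, None, f'"{EDGE}\\msedge.exe" --single-argument https://fdc9a927.7e66a8669de9d783d8c95674.workers.dev/'),
    (4900, 716, f'"{EDGE}\\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Edge\\User Data"'),
    (1036, 716, f'"{EDGE}\\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2172'),
    (1536, 716, f'"{EDGE}\\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none'),
    (4488, 716, f'"{EDGE}\\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility'),
    (5076, 716, f'"{EDGE}\\msedge.exe" --type=renderer --renderer-client-id=6'),
    (3176, 716, f'"{EDGE}\\92.0.902.67\\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none'),
    # Hypothetical row, NOT from the report: a "renderer" launched from a
    # user-writable directory. Included only to show the path check fire.
    (9999, 716, '"C:\\Users\\Admin\\AppData\\Local\\Temp\\msedge.exe" --type=renderer'),
]

# Chromium child roles seen in this report; anything else gets flagged.
KNOWN_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}
WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ \S+ \d+")
ROLE_FLAG = re.compile(r'--(type|utility-sub-type|service-sandbox-type)=([^\s"]+)')


class Finding(NamedTuple):
    pid: int
    level: str  # "alert": needs a look; "info": worth knowing
    reason: str


def parse_wpm(text):
    """Collapse repeated IoC rows into {(writer pid, target pid): count}.

    Only the row pattern matters, so the report's one-line form works too.
    """
    return Counter((int(m.group(1)), int(m.group(2))) for m in WPM_ROW.finditer(text))


def image_path(cmdline):
    """Executable path from a command line, quoted or not."""
    if cmdline.startswith('"'):
        return cmdline[1 : cmdline.index('"', 1)]
    return cmdline.split(" ", 1)[0]


def chromium_role(cmdline):
    """The --type / --utility-sub-type / --service-sandbox-type flags."""
    return dict(ROLE_FLAG.findall(cmdline))


def triage(processes, wpm_text):
    """Check a browser process tree and its WriteProcessMemory IoCs."""
    parent_of = {pid: ppid for pid, ppid, _ in processes}
    findings = []
    for pid, ppid, cmd in processes:
        path, role = image_path(cmd), chromium_role(cmd)
        if not path.lower().startswith(EDGE.lower()):
            findings.append(Finding(pid, "alert", f"image outside Edge install dir: {path}"))
        if ppid is not None and role.get("type") not in KNOWN_TYPES:
            findings.append(Finding(pid, "alert", f"child without a known Chromium --type: {cmd}"))
        if role.get("service-sandbox-type") == "none":
            findings.append(Finding(pid, "info", f"service runs unsandboxed: {role.get('utility-sub-type')}"))
    # A browser process writing into a child it just spawned is expected;
    # a write into any other process is not.
    for (writer, target), n in parse_wpm(wpm_text).items():
        if parent_of.get(target) != writer:
            findings.append(Finding(target, "alert", f"{n} WriteProcessMemory events from {writer}, which is not its parent"))
    return findings


if __name__ == "__main__":
    for f in triage(PROCESSES, WPM_IOCS):
        print(f"[{f.level}] pid {f.pid}: {f.reason}")
```

Run against the excerpt, the only alert is the constructed PID 9999 row; the report's own rows produce two info entries (the network service in PID 1536 and identity_helper in PID 3176, both started with --service-sandbox-type=none) and no alerts, because every write target is a child of PID 716 and every image sits under the Edge install directory.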
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5:    111c361619c017b5d09a13a56938bd54
SHA1:   e02b363a8ceb95751623f25025a9299a2c931e07
SHA256: d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
SHA512: fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Filesize: 152B
MD5:    983cbc1f706a155d63496ebc4d66515e
SHA1:   223d0071718b80cad9239e58c5e8e64df6e2a2fe
SHA256: cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
SHA512: d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Filesize: 21KB
MD5:    affc2b93a9fc23bbba65931b19b1e12c
SHA1:   a175097d2aa7ffb4b54193f197f296ab57967308
SHA256: 1c383d5958a56ed0858150b049c83da4d4b31a4ac05314ae9a4f623933a3df25
SHA512: ebcec84bed7e03d99f02ba97e8a6bcfe157b2b1a78399f1493f8ae5476f7550b23fe6b1023d7c19b89d56d2ab8ae51df4284d0f8ab001d86acca019f30e97215

Filesize: 7KB
MD5:    c8e5bd008f8f9404f33be817532bbfc7
SHA1:   24bc972cf89572cf93af8dd3a1527b92e0f580a3
SHA256: 31a7cb2442d1b5c091ef018f00db1db21301a3f05611e801bd1bcd756aa2b40e
SHA512: 9f85e56b50d4bb57840bae9b31eaf2cb8754714152feb51500a5de58acf97ad362abe1665c53af79aebd1e4289be7c9744864302ea1b14b544066329651c76fa

Filesize: 6KB
MD5:    26e3c133117e211f60783620c9091ac1
SHA1:   4121df3b159ad39cb6cd507e2e4bfe3a436959da
SHA256: 81814152d2b2d2d90d984a27db6c908fae36830e6f03260f162868aad8630c12
SHA512: 087ac2ff7832c962fa858d69f1d5b52ff444537c7e34b7f507dca579e10dc6a4e8510599f8b23dee83df65f4872e4dce27b2bc81e03a494964c0daf46b9d7b31

Filesize: 7KB
MD5:    92e8570a93a8e4445619f5c2b4ac9767
SHA1:   afb3e1c1d5644f32088f54034c4652b50ed48a41
SHA256: c997e576ac5994f7684ad56919eb3c41ee18df7a7a3d007223e744b30f622527
SHA512: f4cde4bfab334eb3ea252c7ef5b407edbdfc164fadd9c312c6b6f24897bd38293563fad42d3101153939138c788f9956e42fc25c1fd664f150653e60ba8d39d7

Filesize: 871B
MD5:    a40e3364487f39c7adb89465d78a8dc5
SHA1:   9ccda39a311e048829b0fca5c50b8ac98006e400
SHA256: c3799a7e8b7e86da6fb2a3dcee4c632f36a157b1d9fae20f35465f53afdc2b31
SHA512: 348a95fc90c41bf569d2632c919e30d7d13cbe2800b7b28b1d94c0998b347b9e0495bcd701b6480f914975a1744d18d59181cb3ad8988c295032c36c50850376

Filesize: 871B
MD5:    676c0a9e7a1acf1a3fe78aa2ac5687e5
SHA1:   7c5984eedd4a75ee08d9ed584e49c6ef859b39d7
SHA256: cd38bb7ce18a3c9c268a01bafe941d2dcc6e0edad239c1fe1159e1d531722b04
SHA512: c079e7d9b487a5ebd4059b147a5bd5ec1586d228f3ed5cbde19788d4ffb7e41cad371dd03af69683d4bfbc06de780dd3cb631ab961fed5b5ba90a36f171f5631

Filesize: 705B
MD5:    5b476fc65d584470aa8b887a44b99703
SHA1:   e4923251ffec09e35aa394781bbac48b758619c9
SHA256: 6813e1d0b62a9047bf537256ea58016c3fa7e10c975e0a88a25665469d95a969
SHA512: 4ab72d5c8cddc3139784db60fe814ff030bdfb76d447d83d7b0c17e60b086103fb040f86717dc77bd3036739a0484144e84701eee665a36b281a8d043316b4f3

Filesize: 16B
MD5:    6752a1d65b201c13b62ea44016eb221f
SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5:    f4dd8819e3a3e5105f1974ca3ba0f69d
SHA1:   fed349b576346c5ad10c26e5db5391f895a86a84
SHA256: c5502a467923985361b49df378af5fcc37c4ac8122f59099bf8c1bcde0206a84
SHA512: 13ca247167c2c2775c047d083b035c65cc3c45705c0f27fb51fda45cb24f023aec5e0e5d10083244ed7f2e4680190a31c90d43bc8ebccce6fcea413e776fab0c