Analysis
- max time kernel: 19s
- max time network: 21s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-08-2024 20:20
- Static task: static1
- URLScan task: urlscan1
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid | Process
  4580 | msedge.exe (listed twice)
  4920 | msedge.exe (listed twice)
  1880 | identity_helper.exe (listed twice)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid | Process
  4920 | msedge.exe (all 8 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4920 | msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4920 | msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; distinct entries below, each repeated in the raw listing)
  description | pid | Process | procid_target
  PID 4920 wrote to memory of 4424 | 4920 | msedge.exe | 84
  PID 4920 wrote to memory of 4140 | 4920 | msedge.exe | 85
  PID 4920 wrote to memory of 4580 | 4920 | msedge.exe | 86
  PID 4920 wrote to memory of 2028 | 4920 | msedge.exe | 87
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4920)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/AAb9ysg
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4424)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff8078f46f8,0x7ff8078f4708,0x7ff8078f4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4140)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5607756556313069399,10183454094264819906,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4580)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5607756556313069399,10183454094264819906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5607756556313069399,10183454094264819906,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3208)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5607756556313069399,10183454094264819906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3616)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5607756556313069399,10183454094264819906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4880)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5607756556313069399,10183454094264819906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2504)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5607756556313069399,10183454094264819906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1880)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5607756556313069399,10183454094264819906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5607756556313069399,10183454094264819906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5607756556313069399,10183454094264819906,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3840)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5607756556313069399,10183454094264819906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4788)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5607756556313069399,10183454094264819906,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5607756556313069399,10183454094264819906,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 3292)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4308)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads