Analysis

max time kernel: 145s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/08/2024, 09:20

Static task: static1

Behavioral task: behavioral1
  Sample: extended-scp-420-j-experiment-log.html
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample: extended-scp-420-j-experiment-log.html
  Resource: win10v2004-20240802-en
General

Target: extended-scp-420-j-experiment-log.html
Size: 33KB
MD5: ab3a10870633ea3856d24d5724192b4f
SHA1: e43b6cc75ff7b8be413bc26f80beaedb66d8a49d
SHA256: b399e30b727aac1fa6b25c251320893d6eb5b82006f80fe300d414aec1fa55ba
SHA512: d747aa36acc6d9dbbe3dcd6d41608acf3bfdedc62d74777a95485a675383f04fdcf5c6148d57ddb6c7f7c24053a26c184138900e60d11fe5bda2304e83e5c4ea
SSDEEP: 768:tCWphiDL+5KihOoReO0aDXsFrG0vthKFwKOUgZneFrrgB/26b3tUsP5uW1nIBALB:zCDL+5KihHRevaDXsFrG0vthYVgZneFO
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    process
3836   msedge.exe
3836   msedge.exe
864    msedge.exe
864    msedge.exe
4320   identity_helper.exe
4320   identity_helper.exe
2996   msedge.exe
2996   msedge.exe
2996   msedge.exe
2996   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid    process
864    msedge.exe
864    msedge.exe
864    msedge.exe
864    msedge.exe
864    msedge.exe
864    msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 864)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\extended-scp-420-j-experiment-log.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4456)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab34b46f8,0x7ffab34b4708,0x7ffab34b4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2640)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,158389214576407274,4841471667242595051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3836)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,158389214576407274,4841471667242595051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1624)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,158389214576407274,4841471667242595051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4056)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,158389214576407274,4841471667242595051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3024)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,158389214576407274,4841471667242595051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5116)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,158389214576407274,4841471667242595051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4320)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,158389214576407274,4841471667242595051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4812)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,158389214576407274,4841471667242595051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1224)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,158389214576407274,4841471667242595051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1064)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,158389214576407274,4841471667242595051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5064)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,158389214576407274,4841471667242595051,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2996)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,158389214576407274,4841471667242595051,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 468)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4832)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads