hxxps://toxtweaks[.]shop/

Analysis

max time kernel
69s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://toxtweaks.shop/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 1580	3100	msedge.exe	85
PID 3100 wrote to memory of 1580	3100	msedge.exe	85
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2664	3100	msedge.exe	86
PID 3100 wrote to memory of 2044	3100	msedge.exe	87
PID 3100 wrote to memory of 2044	3100	msedge.exe	87
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88
PID 3100 wrote to memory of 1492	3100	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://toxtweaks.shop/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9f5746f8,0x7ffc9f574708,0x7ffc9f574718
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10148431171369911346,6492820661516127155,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,10148431171369911346,6492820661516127155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,10148431171369911346,6492820661516127155,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10148431171369911346,6492820661516127155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10148431171369911346,6492820661516127155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10148431171369911346,6492820661516127155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10148431171369911346,6492820661516127155,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,10148431171369911346,6492820661516127155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:1676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
35KB

MD5
917db31534b73b6e97e9a1a5b55cb9fc

SHA1
e5d4251170db1d043338e450bc0fc6a1de44591b

SHA256
c11998919d984f595bb7eca9d842c37e3ef253780b3a13801a54ca39794f2c51

SHA512
e9bfff55beb1969d807775abe709e971ee1da09199e861966fd482c6f15812d6a02f566626b99852a419e3469703948df3a951ca197410d1fd5783d7fc619394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
26771ef38658d293624c0da03ae018a8

SHA1
b151d5fb703a362d1503db57ba2dcf7a0a64cc8c

SHA256
4075aa44307929034cc3cf677551440be955130c7f2c5e7fd7e1a7aca279089c

SHA512
4b5a572a1ed36210b20a66dc4d169af875b49e14ebf5a1581bda5c4c59319a5ffd22712ff56945b26088f00efa5a2358a37357517092ff12d8d1c9a808ce58e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23db7375043b5675e33b586a7f504319

SHA1
1069f06b1972c12be4ab7766a78d63b3389c27e9

SHA256
9b8cfd06f1e1f1090e31e6d169b79207d9548814bbacfb15aa4335c4567ab291

SHA512
e5bf2848d4946b2a2e21c5167bebfbb6c64526bb2284c1e5bc36f17e5b26356f0af5f0637a7a5b783678c4b83abe9ade2216800390e90a9ecb8027f99bf45233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
302b697d694eef6855550246033249e2

SHA1
c7e473ceff299420a11e52705eaad5354b752bfc

SHA256
f70500e32e425c96aa4190a52fed85588f8f274ed52330f18bfa82a227247b75

SHA512
4c1292b3b36f6ff3f265ad981262e1d8deb94fac8c143a88d6e2867514c6e5769f2b547d9d5c2f8f9f4b8f15b76108922a387e20100451211116b6f5522384ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b2085ca2-ed22-49a8-b5d4-8d8d8ea6ab6d.tmp

Filesize
5KB

MD5
f5f12295eca092606d626eeb2ef4d0e7

SHA1
43eef90b20c286e793aeb4b6722d150c5662a9a8

SHA256
1d8547fbe2ae9346b6e53f9de011a2003f25f3a8a1ac80e3fc1f8bdf4ede8568

SHA512
200b889524ace6590df4360fae23d4fa81f77103fe82a20678c5b60f92c5dd63d3d624ccf4cb6d59266f6ab2e3fae83b4a88e352e6a361afa78bd3b70b4864e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eabe8a08538a6b7b8bbbd4f5c0712c47

SHA1
c06c29502e9cc9c65170c8ef7f48cef8d1b5b6d3

SHA256
f224c22088dc054fa922447ba5002c6d4bc8f160cc41335bd33afee5ba7c13f1

SHA512
5ebb78041755dac5ac076d6fa859846393b5191a47380a6e29b7eb52875532b004ea135212265a530fe6bc8c87aedbad06d9a41fa947c2ae1c8ce06a28751ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
99f6f922a258812c330241f0b0e30293

SHA1
ccf57ad26c32d9e3ce117a74061a125727078c54

SHA256
fc893ec1a3dd1c4aad9e61daacedfc9edcbea46fe88ef028282c56cb63602c00

SHA512
13c06cd008e27d966daa41d060f5efa83b61ef0cb675edc512db89f8a2eb6d3d6c1a4bb1b8680134cc4aa458f070b80a61e2db4dba043f504122156a8c29988e

Download Submit