Analysis
max time kernel: 480s
max time network: 556s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 09/09/2024, 15:51
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://is.gd/pV6C6t
  Resource: win10v2004-20240802-en
Behavioral task: behavioral2
  Sample: https://is.gd/pV6C6t
  Resource: win11-20240802-en
General
Target: https://is.gd/pV6C6t
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid   Process              entries
  4656  msedge.exe           2
  772   msedge.exe           2
  4892  msedge.exe           2
  3508  identity_helper.exe  2
  2948  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid  Process     entries
  772  msedge.exe  7

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  Process     entries
  772  msedge.exe  25

Suspicious use of SendNotifyMessage (12 IoCs)
  pid  Process     entries
  772  msedge.exe  12

Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid  Process     procid_target  entries
  PID 772 wrote to memory of 948   772  msedge.exe  79             2
  PID 772 wrote to memory of 1336  772  msedge.exe  80             repeated
  PID 772 wrote to memory of 4656  772  msedge.exe  81             2
  PID 772 wrote to memory of 3344  772  msedge.exe  82             repeated
  The report lists 64 entries in total; the 1336 and 3344 rows, each repeated many times, account for the 60 entries not counted individually above.
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://is.gd/pV6C6t
  PID: 772
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 772:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb12593cb8,0x7ffb12593cc8,0x7ffb12593cd8
      PID: 948
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
      PID: 1336
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
      PID: 4656
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
      PID: 3344
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
      PID: 1204
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      PID: 3420
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
      PID: 2016
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
      PID: 4892
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
      PID: 1440
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
      PID: 2776
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
      PID: 976
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
      PID: 3024
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
      PID: 3508
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13657272974068166360,42555785479309530,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2940 /prefetch:2
      PID: 2948
      - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4392
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 672
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: a8276eab0f8f0c0bb325b5b8c329f64f
  SHA1: 8ce681e4056936ca8ccd6f487e7cd7cccbae538b
  SHA256: 847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da
  SHA512: 42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918
- Filesize: 152B
  MD5: 058032c530b52781582253cb245aa731
  SHA1: 7ca26280e1bfefe40e53e64345a0d795b5303fab
  SHA256: 1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e
  SHA512: 77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f
- Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 2KB
  MD5: ade0f4bf015aa454b42b298b22ac4d28
  SHA1: d2fb04d18616b3f3d16209b5b2b99bd2b77ad119
  SHA256: a5bc5101f970ec45d1a34bc076550676a3217fe4f74a09c2eee46f168a063169
  SHA512: 1c9c47c319727342a04eb119933d1d590c84cb3c5dc1a0f6a5c4530fef5c162b0a2b4269fa22bb8cc2889c193fa51c4cf2ed59eb0599749e4fd1cb9352217982
- Filesize: 1KB
  MD5: 267455ea7622bdaad9c80edc61cd220c
  SHA1: 2e1a3a08b29bdf0bda2d1e4b0ec440336a40758f
  SHA256: 341fe38c973cf7549e4d85ffadbcccd600bcdab105fe0bec642aca7a90e59e21
  SHA512: a4a0dd36a013d7d63c23d8388ca94e15e2ebff2e5e1c4fad3d38b85fc377a371b1e137b254b446b4fb8baefd81e831cbf35a2898747e09bd03a56e2671b7f23c
- Filesize: 5KB
  MD5: 270649b0783144bfad8cc98a5eeb9b7f
  SHA1: 61cfce0c2e96c4b722f2cd750527d180aaacbbcf
  SHA256: 7bae9c53571766d34db4f1ba028696efa8a7051160bdb22afc7569087fc471d1
  SHA512: 0b302e66da336027a1f71cdc6b10762f0b0c1fcd332c3eaae26c22bda6662f1fb7ede6f2f3d58a2ffd0e49cf20d1d4286abaaa874005f11aad4166d37d5f51be
- Filesize: 6KB
  MD5: 842447cd542d12ad91ec5db80f3b2723
  SHA1: 24542aabae51ddf6a17f38f6357e40fde1df9b99
  SHA256: 4547a8ece856a9207f24b58f909db98f85c146f0289de0bccca03021334224ef
  SHA512: 841ac94dd8a6fee6f1776224ab8b87b2ce4d9a1b5181d159be8bae92e4333409aa6a13a51439357d7b24b970f4513b1494acdfb0965c85505e8734b911eb57b2
- Filesize: 5KB
  MD5: a3c0ee4de11645cd7494de4ed42e9d27
  SHA1: 477d07f92903f9cb0cdb8d43ea1d34bf35eb2e41
  SHA256: 7cda32a211de5215c8dfe567ba89bcf505a2863e7e3b0e5d1cdfc52dbb765755
  SHA512: b3c1a684a59b4d8b872b60da9bd9628f04e2b316062a99cfacb95aa5cb5ff9a73f36fc9ebea098fdc3b98fae5c1e76daafa1597f646bf3bdfa0d421c4f923afc
- Filesize: 1KB
  MD5: a18dc1f5d24fefeb7bf95cb9a81b912d
  SHA1: 550abb8fa43d970ec113010f4e255e306d12465d
  SHA256: 8c49d69ae1f5e35f707e004c5ff9632d2e437d16970b8a2b3fb249fcaf8f8eb4
  SHA512: 974245e22d2339877fed55cc66ebbcc690b1995116d65a9c6e5d636e4c34c71216aaede8880e68af8b85611e8e32756d0a788fa9961555ddb23ab95e38c42165
- Filesize: 1KB
  MD5: 85b872d29c4c22c0173fbac3ec0c4a20
  SHA1: 1a9ff4d29c38630f0461684e0a70b838c362a247
  SHA256: 059665e1780926a50837e0db141307c31a97856919076b38478b185d93ed5788
  SHA512: ca6ebdfa3e072b0c5c844b3f7c3d2883314094cf91a48915fe2018b12b2af838fcc7ae5e8f88d19c831b30c431fdec2f4f4a2461a2fd3c39e84e397f78b2b239
- Filesize: 1KB
  MD5: 3371914040424dc978d950d585c999ee
  SHA1: c35fc8884991a45e71024c70a84b80e27dac7be7
  SHA256: 2c1cc95c8862a9e3c40019ef90e12fba62f558844b71e6728a7fff1d2a51906b
  SHA512: dacc2c1bded8c1c60212fbbd2f7b81161eeeaaf5f7c6c0e1bfdbf3e9bed7a637535ba2b1c3081d2e7d39fdd3f7d86412fe9b78f47bd174e61eeb8657c92912f8
- Filesize: 1KB
  MD5: 86bd36a9ea8ad637c109b398f104b50f
  SHA1: cc080a2a872d4315182578027adbe062e0251ff1
  SHA256: a7580ab60b7baee09639a2f1cb20ea5419e144ba70459281d4c5257f85e9acc0
  SHA512: 020ff47e51f31259c83c758d9dc0f1cdacd342e4b08f48f7d17c3028121fb9408992c8045d75b7abb90ca37aa972d7bce329d08e4e2fc2c106a7d1991c1548ae
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 10KB
  MD5: 5b9abd80ce93c53e86a27fee559d06c6
  SHA1: d7e6383b9034f642341e56c74c190c45863ae085
  SHA256: 87af64bd6bbaefe420b9736905942fe3e07c2d3c1abc36428cdcfe4f35d0ad45
  SHA512: de69092038044c42be8a41554632025fe899f387000b101138a5937d240f62469de3fe6c5abf9867a46e0289da16fa618556a0e84f1a4a25305c93e7ab930956
- Filesize: 10KB
  MD5: 5b1ce7c20d2a604f7e942bff3a20de59
  SHA1: 06fb080dede1d482deffcf96fe5b77a25ceaef73
  SHA256: a01f222e47007e81bdd842438bfdecbfb1e4f43c3300a3a5923cc7cd4c409761
  SHA512: a1f981d9145cf6085e48bf1a2e0d3bbc3c045488ac7138e6866e6e3ea562dda647d7d2442eb94de4c934ce1ae274df0fbbd2c0fc9b9abad9743c3932c55b44a7