hxxps://www[.]euci[.]com/event_post/transmission-technical-issues/?src=Overview&x=96389x4861035Bv&cid=4861035&dmn=bchydro&ind=24

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.euci.com/event_post/transmission-technical-issues/?src=Overview&x=96389x4861035Bv&cid=4861035&dmn=bchydro&ind=24

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
4848	msedge.exe
4848	msedge.exe
5108	identity_helper.exe
5108	identity_helper.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe
2760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 1824	4848	msedge.exe	82
PID 4848 wrote to memory of 1824	4848	msedge.exe	82
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 3316	4848	msedge.exe	83
PID 4848 wrote to memory of 1228	4848	msedge.exe	84
PID 4848 wrote to memory of 1228	4848	msedge.exe	84
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85
PID 4848 wrote to memory of 3064	4848	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.euci.com/event_post/transmission-technical-issues/?src=Overview&x=96389x4861035Bv&cid=4861035&dmn=bchydro&ind=24
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa591d46f8,0x7ffa591d4708,0x7ffa591d4718
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15574267350402243363,15586802986942409113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15574267350402243363,15586802986942409113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,15574267350402243363,15586802986942409113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15574267350402243363,15586802986942409113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15574267350402243363,15586802986942409113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15574267350402243363,15586802986942409113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15574267350402243363,15586802986942409113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15574267350402243363,15586802986942409113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15574267350402243363,15586802986942409113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15574267350402243363,15586802986942409113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15574267350402243363,15586802986942409113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15574267350402243363,15586802986942409113,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
704KB

MD5
357e40f4f544b860fe0bd03265224434

SHA1
a4c2b8fc37e0e0417bf4fb91055fb36997d7f9a5

SHA256
4d20a0c812f65956af7673c034b8c6a58d5113728d1a2fa1af6c580a44435a47

SHA512
5326bb1d261a281c43b9e0aaec8ff4fa375b3b84aeda4c8c9e122f43eab234dd866498c4990cc7cabf28af1ce2811ecccad2097b758fdc08b8116f69367b85c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d085ff1391528b8cc70bd99eba518362

SHA1
8d11dc9a354a3f980b322d283bd91c5147a5117b

SHA256
fa20bd469295dd22746a584d5ba64f0cd97359ca5ad6e0a5fbb4d4aa83bcc995

SHA512
dcd48401d49d02d49ff61d617e80e12ef320adb43a3c148a7b69384fa3b3c32a834a8f385148386aa0f7a856c4beeb5406eae526f8e2df80deba3b7423c2c5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
728d823846a07f2fedd383ab8d41a017

SHA1
718acfe65f86c72c952e7f35ae04f40c81fae1df

SHA256
91703ffcee774d692fa3402030c3fb1d1963c3c003eb44a89f2cbebcfa2fb096

SHA512
17b5970f84e0484171d722d449393ad783dcd9c3ade74c37bc91d8ba5f9a2bfdc485972d412a2d8c5e8153958e2721b749fcfe13ebce00b4ec76e1d8d152bd94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7c1d8370941f1402d9507e3e35d23a03

SHA1
1e60f58deab0438070778fe22089573beb7ca9f7

SHA256
b5ea20f31569fbf0444aa396d6205287cda175bb0626a358e0008793f6d4be42

SHA512
2201d1667865fadaa2f10a250a0814c0d7876c32543b7602e19515e388cb55e6853fb75955427b48b6924c33ca01504d285a8a06cd9b4798ccaf81a4f936ff96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
294dc1a9885307d767cad49bcf69d108

SHA1
7190d6343c6fa2b96ba86e5c1dc47acbf1d490f9

SHA256
57c9793e1de55054d27e170ca1ccc1dd7edbbfc8bb68086a33cdcce4a75b60dc

SHA512
ca872d967f2da819b5d9accd565b08979d4bba15109e7752dcd6d8cee2b555916f8a76f9c8d2ced4b816a312f8d64de8f86393fece20c7b9792988aa43190701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fa5235287063decad7cf7edd1acf6ef6

SHA1
f8edef02a1561178d4c1b25c3fb10f7a90878d06

SHA256
f3918e128671791c089cf46c541a34ac482c0b326c0db261660b50e1d9b6802f

SHA512
5e5acc6dcf22be01b28e038829f004f950aad5cbe246a8782f2985ae8b29a497d624537cbc7514204c4f7af01b60e4c79adde4b1679aa3addf9270b5f8d9db6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a1a3a0e8ac472afaf2e487a2b081e7c6

SHA1
4a5a2fe79bb117f849456a0a1bd406861fa03372

SHA256
e36c008d4a4f39bfc913df5f9eeaa03de2ee7eeffc01158c189069d492d5c111

SHA512
a2d54b96c87a18e66ad0bb131e443429c1244e8f3fde0c444f80f73a739012bfd8d54e969486a028ae44be96eec08faf4df44cfbb0d90a16f1e6a1be425b8aa0

Download Submit