Resubmissions
10-10-2024 22:50
241010-2sm3mswdnm (score 3) 10-10-2024 22:49
241010-2rmeqawdkk (score 3) 10-10-2024 21:34
241010-1eqe6sshrl (score 10)

Analysis
Max time kernel: 240s
Max time network: 274s
Platform: windows10-2004_x64
Resource: win10v2004-20241007-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 10-10-2024 22:50
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://github.com/miroslavpejic85/p2p/issues/62
  Resource: win10v2004-20241007-en
Behavioral task: behavioral2
  Sample: https://github.com/miroslavpejic85/p2p/issues/62
  Resource: win11-20241007-en
General
Target: https://github.com/miroslavpejic85/p2p/issues/62
Malware Config: none
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
PID 3724 msedge.exe (2 events)
PID 412 msedge.exe (2 events)
PID 1244 identity_helper.exe (2 events)
PID 1484 msedge.exe (4 events)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
PID 412 msedge.exe (6 events)
Suspicious use of FindShellTrayWindow (25 IoCs)
PID 412 msedge.exe (25 events)
Suspicious use of SendNotifyMessage (24 IoCs)
PID 412 msedge.exe (24 events)
Suspicious use of WriteProcessMemory (64 IoCs)
All 64 events have the same writer, PID 412 (msedge.exe). Repeated writes into the same target are collapsed below; the four targets are the processes listed directly under PID 412 in the process tree that follows.
PID 412 msedge.exe wrote to memory of PID 928 (procid_target 83)
PID 412 msedge.exe wrote to memory of PID 1972 (procid_target 84)
PID 412 msedge.exe wrote to memory of PID 3724 (procid_target 85)
PID 412 msedge.exe wrote to memory of PID 1712 (procid_target 86)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/miroslavpejic85/p2p/issues/62
PID: 412
Signatures:
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e86746f8,0x7ff9e8674708,0x7ff9e8674718
    PID: 928

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,7531196151879724298,2881775184476332344,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
    PID: 1972

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,7531196151879724298,2881775184476332344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
    PID: 3724
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,7531196151879724298,2881775184476332344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
    PID: 1712

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,7531196151879724298,2881775184476332344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    PID: 3376

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,7531196151879724298,2881775184476332344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    PID: 2780

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,7531196151879724298,2881775184476332344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
    PID: 4660

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,7531196151879724298,2881775184476332344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
    PID: 1244
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,7531196151879724298,2881775184476332344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
    PID: 1964

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,7531196151879724298,2881775184476332344,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
    PID: 3588

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,7531196151879724298,2881775184476332344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
    PID: 4568

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,7531196151879724298,2881775184476332344,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    PID: 2408

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,7531196151879724298,2881775184476332344,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
    PID: 1484
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 3212

C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2396
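The WriteProcessMemory signature above and the process tree are the two things an analyst cross-references when a report like this fires 64 times on a browser: does every target of the writes sit under the writer in the tree, or is one of them a foreign process? The following Python is an added example, not part of this report or of the sandbox's tooling. It parses a constructed, shortened subset of the report's flattened IoC text (same writer and same four targets, fewer repeats, plus one deliberately constructed event that is not in the report, a write into PID 3212, so the check has something to flag), collapses the events into unique writer-to-target pairs, looks up each target's Chromium process role from its --type flag, and lists every pair whose target is not a child of the writer. The process table is constructed from the tree above; parent pids follow the tree nesting and command lines are abbreviated to the flags the check needs.

```python
"""Cross-check a sandbox 'Suspicious use of WriteProcessMemory' signature
against the process tree.

The report lists one event per WriteProcessMemory call, which is why a normal
multi-process browser produces dozens of hits.  This helper parses the
flattened IoC text, collapses the events into unique writer -> target pairs,
and flags every target that is not a child of the writer: a write into an
unrelated process is the case worth a closer look; a write into a process the
writer has just spawned is ordinary process bootstrapping.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a shortened subset of the report's 64 IoC entries (same
# four targets, fewer repeats), plus ONE constructed event that is not in the
# report (a write into PID 3212) so the check has something to flag.
IOC_TEXT = (
    "PID 412 wrote to memory of 928 412 msedge.exe 83 "
    "PID 412 wrote to memory of 928 412 msedge.exe 83 "
    "PID 412 wrote to memory of 1972 412 msedge.exe 84 "
    "PID 412 wrote to memory of 1972 412 msedge.exe 84 "
    "PID 412 wrote to memory of 1972 412 msedge.exe 84 "
    "PID 412 wrote to memory of 3724 412 msedge.exe 85 "
    "PID 412 wrote to memory of 1712 412 msedge.exe 86 "
    "PID 412 wrote to memory of 1712 412 msedge.exe 86 "
    "PID 412 wrote to memory of 3212 412 msedge.exe 87"  # constructed, not in the report
)

# Constructed from the process tree: (pid, parent pid, image, command line).
# Parent pids follow the tree nesting; 0 means no parent is shown in the tree.
# Command lines are abbreviated to the flags the check needs.
PROCESSES = [
    (412, 0, "msedge.exe", "msedge.exe --single-argument https://github.com/miroslavpejic85/p2p/issues/62"),
    (928, 412, "msedge.exe", "msedge.exe --type=crashpad-handler"),
    (1972, 412, "msedge.exe", "msedge.exe --type=gpu-process"),
    (3724, 412, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService"),
    (1712, 412, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService"),
    (3212, 0, "CompPkgSrv.exe", "CompPkgSrv.exe -Embedding"),
]

# One IoC entry: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
EVENT_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P<writer2>\d+) (?P<image>\S+) (?P<idx>\d+)"
)
TYPE_RE = re.compile(r"--type=(\S+)")


@dataclass(frozen=True)
class Write:
    writer: int
    target: int
    writer_image: str


def parse_events(text: str) -> list[Write]:
    """Turn the flattened IoC text into one Write per event."""
    events = []
    for m in EVENT_RE.finditer(text):
        writer = int(m["writer"])
        if writer != int(m["writer2"]):
            raise ValueError(f"inconsistent writer pid in {m.group(0)!r}")
        events.append(Write(writer, int(m["target"]), m["image"]))
    return events


def process_role(cmdline: str) -> str:
    """Chromium-style role taken from --type=..., or a marker when the flag is absent."""
    m = TYPE_RE.search(cmdline)
    return m.group(1) if m else "(no --type)"


def summarize(events: list[Write], processes) -> dict:
    """Collapse events to {(writer, target): (count, target_image, role, is_child)}."""
    by_pid = {pid: (ppid, image, cmd) for pid, ppid, image, cmd in processes}
    counts = Counter((e.writer, e.target) for e in events)
    summary = {}
    for (writer, target), n in counts.items():
        ppid, image, cmd = by_pid.get(target, (None, "<not in tree>", ""))
        summary[(writer, target)] = (n, image, process_role(cmd), ppid == writer)
    return summary


def suspicious(summary: dict) -> list[tuple[int, int]]:
    """Writer -> target pairs whose target is not a child of the writer."""
    return sorted(pair for pair, (_, _, _, is_child) in summary.items() if not is_child)


if __name__ == "__main__":
    result = summarize(parse_events(IOC_TEXT), PROCESSES)
    for (writer, target), (n, image, role, is_child) in sorted(result.items()):
        verdict = "child of writer" if is_child else "NOT a child of writer"
        print(f"{writer} -> {target:<5} {image:<16} {role:<18} x{n:<3} {verdict}")
    print("needs a look:", suspicious(result))
```

Run stand-alone it prints the four pairs from the report as children of PID 412 with their roles (crashpad-handler, gpu-process, utility, utility) and flags only the constructed write into 3212. On the full 64-entry list the collapse yields the same four child pairs and nothing to flag; the heuristic is deliberately narrow, a write into a child is not proof of benign behaviour, but a write into a non-child is the event to open first.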
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: 0a9dc42e4013fc47438e96d24beb8eff
SHA1: 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256: 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512: 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Filesize: 152B
MD5: 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1: 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256: ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512: 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 62fe8bd0fccd1ab5382bceec7801af30
SHA1: 47717206d40eaa6ae883f646f0b67c2aa3b49871
SHA256: b2104228637b21ff6a2f4c10e821f060ea5287f463d7aec6b0ad012ca6d7b444
SHA512: dccd9d3bf10629a23d8d040d0bef0f3d0814cb43b373109c55dac1e65b114f08aeec590dc9578e27e2a7e500d7b7aa2f673b89686cee40420f21d84ed75084d4

Filesize: 496B
MD5: d22266ba3d8db30279b96944f0cec985
SHA1: 44e288cdfe75a5e8299ce32e75dd9e0705cdbac9
SHA256: 77873629fa695e434160c86ae9116906ff65a97666d7d35a3ed63221b627c0bf
SHA512: d463aecbdac835dace5544b4267c86c2ed7d3165ba95095db6dfc3a25655f2391fa202a81d37b4a76a36f04456ed86df137302ad0e456fd59ecdfee3c69c6c1b

Filesize: 6KB
MD5: fc9d41fe8e308e4ac5893b7525bfec51
SHA1: 67492654ba778499d83b5645d4d86637c92d76c0
SHA256: 5664689a6fc4affb43068ca1d519339d28fb5a2eb63085c3e0e68eb5200a3e2b
SHA512: 344afaa148c6cbc64384f5d11dee57addbb75ff36e99ca112878883959114cdde84c942e952b1b501ee8c4c7e3b71565c5fd59618a9ed7ac71fc960fc15158db

Filesize: 6KB
MD5: 9ff4217e3dfc3144a4582c04e8e1ce0d
SHA1: 1a4f6108a7809889afbf656349edd199e786a0a3
SHA256: 511e83569a34e91de4c9960c5dcfd991223677e3a63b194c04b091c1e12a3959
SHA512: 84d5d946ba236611f48eed3c28434e13ec26b5ff10d56de77b478b65f5ffeef5e86183b6c6e30e74ac719a75fdc35ff5451da73072fc5fecad7f944d20ef64d5

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: a7376f831785388efb44b3cb1891a06e
SHA1: 33cdf4202f63c5c19c3432ae2afbb24f4b7223a7
SHA256: 370b2b635b4e681364877b22da70cc5ad7775e6654d13d7cffbf48a19e47bc24
SHA512: af1bfc8f258d5c29e6cd225cc6112d5b1b43a6b9994c1bebb268b6475de30f0e6708cea7906a2d09940b455b42c2aebcf9c101430745a9bd116ce839f9a99ade