Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-10-2024 09:26
Tasks
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
- Sample: https://supportpage.eu/community-standard/100064601205197
- Resource: win10v2004-20241007-en

General
- Target: https://supportpage.eu/community-standard/100064601205197
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (process: description, ioc):
- msedge.exe: key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- msedge.exe: key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- msedge.exe: key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes (pid, process):
- 380 msedge.exe (2 entries)
- 3516 msedge.exe (2 entries)
- 560 identity_helper.exe (2 entries)
- 3164 msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
Processes (pid, process):
- 3516 msedge.exe (6 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (pid, process):
- 3516 msedge.exe (25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes (pid, process):
- 3516 msedge.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (source pid, source process -> target pid, target process):
- 3516 msedge.exe wrote to memory of 1672 msedge.exe (2 entries)
- 3516 msedge.exe wrote to memory of 5048 msedge.exe (repeated; the majority of the 64 entries)
- 3516 msedge.exe wrote to memory of 380 msedge.exe (2 entries)
- 3516 msedge.exe wrote to memory of 4352 msedge.exe (repeated)
Processes (indentation shows the parent/child tree)

PID 3516: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://supportpage.eu/community-standard/100064601205197
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 1672: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8ec646f8,0x7ffd8ec64708,0x7ffd8ec64718

  PID 5048: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9335011528085186952,14556521415747326562,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

  PID 380: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,9335011528085186952,14556521415747326562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  PID 4352: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,9335011528085186952,14556521415747326562,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8

  PID 2568: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9335011528085186952,14556521415747326562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

  PID 2192: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9335011528085186952,14556521415747326562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

  PID 4528: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,9335011528085186952,14556521415747326562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8

  PID 560: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,9335011528085186952,14556521415747326562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  PID 700: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9335011528085186952,14556521415747326562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

  PID 2492: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9335011528085186952,14556521415747326562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

  PID 648: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9335011528085186952,14556521415747326562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1

  PID 2664: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9335011528085186952,14556521415747326562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

  PID 3164: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9335011528085186952,14556521415747326562,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2880 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

PID 1004: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 936: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads