Analysis
Max time kernel: 145s
Max time network: 141s
Platform: windows10-2004_x64
Resource: win10v2004-20241007-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 10-11-2024 01:19
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
A potential corporate email address has been identified in the URL: hls.js@latest
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (process, description, IoC):
- msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes (pid, process):
- 1876 msedge.exe (2 IoCs)
- 4312 msedge.exe (2 IoCs)
- 4232 identity_helper.exe (2 IoCs)
- 3028 msedge.exe (4 IoCs)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
Processes (pid, process):
- 4312 msedge.exe (all 7 IoCs)
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (pid, process):
- 4312 msedge.exe (all 25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes (pid, process):
- 4312 msedge.exe (all 24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (source pid, target pid, source process, procid_target); the 64 events are repeated writes from PID 4312 to these four child processes:
- PID 4312 (msedge.exe) wrote to memory of PID 1716, procid_target 83
- PID 4312 (msedge.exe) wrote to memory of PID 2276, procid_target 84
- PID 4312 (msedge.exe) wrote to memory of PID 1876, procid_target 85
- PID 4312 (msedge.exe) wrote to memory of PID 3228, procid_target 86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4312)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://rapsanet.tv
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff06ba46f8,0x7fff06ba4708,0x7fff06ba4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2276)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,12444896888651290930,550597793305500281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1876)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,12444896888651290930,550597793305500281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3228)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,12444896888651290930,550597793305500281,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1868)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12444896888651290930,550597793305500281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12444896888651290930,550597793305500281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 540)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12444896888651290930,550597793305500281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2600)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,12444896888651290930,550597793305500281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,12444896888651290930,550597793305500281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1064)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12444896888651290930,550597793305500281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2140)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12444896888651290930,550597793305500281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2480)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12444896888651290930,550597793305500281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1592)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,12444896888651290930,550597793305500281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,12444896888651290930,550597793305500281,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1688)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4760)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads