Analysis
- max time kernel: 145s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-11-2024 09:24
- Static task: static1
- URLScan task: urlscan1
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                     process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    process               rows
  208    msedge.exe            2
  2268   msedge.exe            2
  4488   identity_helper.exe   2
  3844   msedge.exe            4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    process      rows
  2268   msedge.exe   6
Suspicious use of FindShellTrayWindow (27 IoCs)
  pid    process      rows
  2268   msedge.exe   27
Suspicious use of SendNotifyMessage (26 IoCs)
  pid    process      rows
  2268   msedge.exe   26
Suspicious use of WriteProcessMemory (64 IoCs; the 64 rows repeat four distinct writer/target pairs)
  description                pid    process      target pid   target procid
  PID 2268 wrote to memory   2268   msedge.exe   1036         83
  PID 2268 wrote to memory   2268   msedge.exe   4408         84
  PID 2268 wrote to memory   2268   msedge.exe   208          85
  PID 2268 wrote to memory   2268   msedge.exe   1508         86
Processes
- PID 2268: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://store.steampowered.com/app/958440/Hard_Karma/
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - PID 1036: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb315846f8,0x7ffb31584708,0x7ffb31584718
  - PID 4408: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14145033864207173544,2134923626417228350,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  - PID 208: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14145033864207173544,2134923626417228350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1508: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14145033864207173544,2134923626417228350,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  - PID 3232: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14145033864207173544,2134923626417228350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  - PID 2192: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14145033864207173544,2134923626417228350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - PID 3288: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,14145033864207173544,2134923626417228350,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4792 /prefetch:8
  - PID 1524: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14145033864207173544,2134923626417228350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
  - PID 4488: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14145033864207173544,2134923626417228350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4556: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14145033864207173544,2134923626417228350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  - PID 4504: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14145033864207173544,2134923626417228350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  - PID 4948: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14145033864207173544,2134923626417228350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  - PID 1492: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14145033864207173544,2134923626417228350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  - PID 3844: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14145033864207173544,2134923626417228350,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3940 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- PID 112: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 3092: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 1820: C:\Windows\system32\AUDIODG.EXE 0x500 0x3f8
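Every signature in this report is fired by the browser process (PID 2268) against processes it spawned itself, which is the shape of Chromium's child-process bootstrap: the parent launches each helper from its own install directory with a --type= role, writes launch data into it, and applies process-creation mitigations. The report does not draw that conclusion, so the check has to be made by hand or by script. The script below is an added example, not part of this report or of any sandbox vendor's tooling. It embeds the process list and the four distinct WriteProcessMemory writer/target pairs from this report as constructed input (command lines trimmed to the role-bearing flags), rebuilds the parent/child tree from the depth markers, and answers three questions: is every write target a direct child of the writer, was every child launched from the parent's install directory with a --type= role, and which children asked for a weakened sandbox?

```python
"""Triage the 'WriteProcessMemory' and child-process signatures of a Chromium/Edge
sandbox report. Added example; input is constructed from the report above."""
import ntpath
import re
from dataclasses import dataclass, field


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    depth: int
    children: list = field(default_factory=list)
    parent: "Proc | None" = None


# Constructed from this report's Processes section: (depth, pid, image, cmdline).
# Depth 1 = top-level, depth 2 = child of the preceding depth-1 row. Command lines
# keep only the flags that matter for the checks below.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
REPORT_PROCESSES = [
    (1, 2268, EDGE, "--start-maximized --single-argument https://store.steampowered.com/app/958440/Hard_Karma/"),
    (2, 1036, EDGE, "--type=crashpad-handler"),
    (2, 4408, EDGE, "--type=gpu-process"),
    (2, 208, EDGE, "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (2, 1508, EDGE, "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (2, 3232, EDGE, "--type=renderer --renderer-client-id=6"),
    (2, 2192, EDGE, "--type=renderer --renderer-client-id=5"),
    (2, 3288, EDGE, "--type=utility --utility-sub-type=audio.mojom.AudioService --service-sandbox-type=audio"),
    (2, 1524, HELPER, "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    (2, 4488, HELPER, "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    (2, 4556, EDGE, "--type=renderer --renderer-client-id=9"),
    (2, 4504, EDGE, "--type=renderer --instant-process --renderer-client-id=10"),
    (2, 4948, EDGE, "--type=renderer --renderer-client-id=11"),
    (2, 1492, EDGE, "--type=renderer --instant-process --renderer-client-id=12"),
    (2, 3844, EDGE, "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (1, 112, r"C:\Windows\System32\CompPkgSrv.exe", "-Embedding"),
    (1, 3092, r"C:\Windows\System32\CompPkgSrv.exe", "-Embedding"),
    (1, 1820, r"C:\Windows\system32\AUDIODG.EXE", "0x500 0x3f8"),
]
# Constructed from the WriteProcessMemory table: the distinct (writer, target) pairs.
REPORT_WRITES = [(2268, 1036), (2268, 4408), (2268, 208), (2268, 1508)]

ROLE = re.compile(r"(?:^|\s)--type=\S+")


def build_tree(rows):
    """Attach each row to the nearest preceding row that is one level shallower."""
    procs, stack = {}, []
    for depth, pid, image, cmdline in rows:
        p = Proc(pid, image, cmdline, depth)
        while stack and stack[-1].depth >= depth:
            stack.pop()
        if stack:
            p.parent = stack[-1]
            stack[-1].children.append(p)
        stack.append(p)
        procs[pid] = p
    return procs


def check_writes(procs, writes):
    """(writer, target) pairs whose target is not a direct child of the writer."""
    return [(w, t) for w, t in writes
            if t not in procs or procs[t].parent is None or procs[t].parent.pid != w]


def check_children(procs):
    """Children not launched from the parent's install directory with a --type= role."""
    bad = []
    for p in procs.values():
        if p.parent is None:
            continue
        install_dir = ntpath.dirname(p.parent.image).lower().rstrip("\\") + "\\"
        if not (p.image.lower().startswith(install_dir) and ROLE.search(p.cmdline)):
            bad.append(p.pid)
    return sorted(bad)


def weakened_sandbox(procs):
    """PIDs whose command line disables or removes the sandbox; review these by hand."""
    return sorted(p.pid for p in procs.values()
                  if "--service-sandbox-type=none" in p.cmdline
                  or "--disable-gpu-sandbox" in p.cmdline)


def triage(rows=REPORT_PROCESSES, writes=REPORT_WRITES):
    procs = build_tree(rows)
    return {"foreign_writes": check_writes(procs, writes),
            "unexpected_children": check_children(procs),
            "weakened_sandbox": weakened_sandbox(procs)}


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value or 'none'}")
```

Run against this report, foreign_writes and unexpected_children come back empty: targets 1036, 4408, 208 and 1508 are all direct children of 2268, and every child (msedge.exe and the versioned identity_helper.exe alike) lives under the Edge Application directory with a --type= role. weakened_sandbox lists 208, 1524, 3844 and 4488, which is what their own command lines request (--service-sandbox-type=none for the network service and the identity helpers, --disable-gpu-sandbox for the second GPU process), so those are the four processes worth a second look rather than evidence of injection. A write target outside the tree, or a child launched from a user-writable path, is what would turn the same signature into a lead.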
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 99afa4934d1e3c56bbce114b356e8a99
  SHA1: 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
  SHA256: 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
  SHA512: 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da
- Filesize: 152B
  MD5: 443a627d539ca4eab732bad0cbe7332b
  SHA1: 86b18b906a1acd2a22f4b2c78ac3564c394a9569
  SHA256: 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
  SHA512: 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 591f614263fe487f265e7ed4277f34d8
  SHA1: b1cf36d739da47a311526648f38d0e355c7e01f3
  SHA256: 4d594e0e8e86ca041978c8dc74267511077519a11966b8d1a1f78ba5e6a0b85d
  SHA512: 07bf5f799c70c0ff579f4cf4e756dd436dc7a538fd3e27e38150da08589a000d7de19368e987dd8be42ec95419d2603610119a442aa7ae254a366e3e05767844
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: f55c3b33d51a9f4caefa8e7dc9c7a703
  SHA1: ed10792ad8ff834a35a983b8daf2713c61afc8d4
  SHA256: 782ff2aa9f825b0c2400a75f4d4e893c3a031321f41baca4f7d9c91e7d461911
  SHA512: fcf3b7fee37fe738f6d9bde3e15f883cc2a73b68591f9b19b1d625d08ad7759db5652aadceb6180348e09600934cf347e3b0c98c8162ed6c4245a5ea86f92688
- Filesize: 531B
  MD5: 2a219129b9177445390b87d8029a59ec
  SHA1: 8d8850bd23fc8aa520c7142c3595d863250c2607
  SHA256: 98bb453a71d1acfc24dcf3093715cf69fa8c5384c81cc15aad49f5e2532041ab
  SHA512: a52579d21ffc772a0e0f8275a29dc5072ce62afe47734eae558004b096725d5745ecac5dbbfe6e4bd12dec115714eedb50788b9cbea6e68a80cbb9c3935decda
- Filesize: 5KB
  MD5: fc151f1506c6dfb2c8ec6edc3ef7a0e7
  SHA1: 8a31ae6e0735f75a5c15811788f3f9fd923bba1b
  SHA256: 70e4646fe72e4626a0027084fb83ab91535ee09175c3347fe4ea5f554ed04730
  SHA512: 5fe068145df6dc3136805e067e831b4d2fd6a58e639fb7378fd9f8d143c81c5a1e8440ff7461e9a6472f851aedb7af43cbac063fbccce8341a83aae727924d1d
- Filesize: 6KB
  MD5: b0c4751d3951c605b90d3b862f1e7ea1
  SHA1: 704067d6cb96ba029e20bc6f968f23cee817f9f7
  SHA256: 3f99206848ba45f4c75d29b46447660836d9c5a69b1edabf19d5debc8f49c5bc
  SHA512: 3e7f64a93dfddd8efdc384a22163f8ddb748632c3c274560da7277fc504f7d7bc929646756296b9bcc35e29ebdd559eb9d8c7f34a144085aceb84e492d20b008
- Filesize: 6KB
  MD5: 1a66847211ff55ce99a61495172828ad
  SHA1: 699496db8b884f1dbaa552a156eb05cfea320fbc
  SHA256: fca2292e4d7cdd302dc48f1e6af7b2c8f9e767956463aa330aff10ff80b00245
  SHA512: 8d49a02bbe724f37439489ed7068684584d6d7dd43336e2c0b91d26ace350071fd75608423eae1bf1ab1c5adbc1101712184f96399c673e1916358716ddd9ef6
- Filesize: 372B
  MD5: 1ddc7aed89454251b3e4f136ef687aed
  SHA1: 3a90ec58837d89c0a0e389de463cc3265ece5b98
  SHA256: c40e1345819e8047c11cd334dcb49a26309a3ce47758089caefdffbf3689ba3c
  SHA512: 7df809e6915467fa4252c748dd32f2e3afed90fe0852eae6339aa68b8c7bbfb518bf6b67847ec6b269f90221bfcd7873576a95d999daaa09737fb0be3a0bfa20
- Filesize: 368B
  MD5: bf11ab6611aa669945cb592fe8e28e70
  SHA1: 564cb40f2738f44a1186fbb75b4da6e5b6b4df01
  SHA256: 976805fa2beaa85b2b63040e77340630730a59dd886cdd134c8bb8d934f7b4df
  SHA512: b5cd65f60d278958cbfd4b6a973dfefa80d9bdb9459f6a7ed3e6b2d95caf90ca317a96f85fbeddbd7d21ed88ebca85b7866af9dee7c0158ad717e8970e6cff0a
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 10KB
  MD5: b11e36c84a2200f1d7c2f67beb587822
  SHA1: a3bae236fa40eb0c1564eee222da0e57dedce3c7
  SHA256: 68d4bd17398311337269e73ec02a51b4e075e8932fa3b0bb3bf93ad3f2e8e94e
  SHA512: 0169443cd5eda88f3b6c56daa8a64f3982e359842d0eea01711d76ef59220a962d81b3a64333822f72e10f635dbb5679cc24f04444c30dd49e31630022f32025
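The Downloads section lists the files the browser wrote during the run with four digests each, most of them without a recorded path. The practical use of such a list is to sweep a host (here, an Edge profile's Code Cache) for files matching any of the digests, whichever algorithm a given feed happens to publish. The script below is an added example, not part of this report or of any vendor's tooling. It constructs its indicator list from a handful of the digests printed above (the first 152-byte file and the first 16-byte file), recovers each digest's algorithm from its length, computes all four digests of every file in one read pass, and reports which algorithm matched.

```python
"""Sweep a directory for files whose digests match dropped-file hashes from a
sandbox report. Added example; indicators are constructed from the report above."""
import hashlib
import os

ALGOS = ("md5", "sha1", "sha256", "sha512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_CHARS = set("0123456789abcdef")

# Constructed from the report's Downloads section: digests of the first 152-byte
# artefact (all four) and of the first 16-byte artefact (MD5 and SHA-256).
REPORT_HASHES = [
    "99afa4934d1e3c56bbce114b356e8a99",
    "3f0e7a1a28d9d9c06b6663df5d83a65c84d52581",
    "08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8",
    "76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb55"
    "86b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da",
    "206702161f94c5cd39fadd03f4014d98",
    "1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167",
]


def load_indicators(values):
    """Bucket digests by algorithm, recognised from hex length; reject malformed input."""
    by_algo = {a: set() for a in ALGOS}
    for raw in values:
        v = raw.strip().lower()
        algo = next((a for a in ALGOS if HEX_LEN[a] == len(v)), None)
        if algo is None or not set(v) <= HEX_CHARS:
            raise ValueError(f"not a recognised hex digest: {raw!r}")
        by_algo[algo].add(v)
    return by_algo


def digests(path, chunk=1 << 20):
    """Compute MD5, SHA-1, SHA-256 and SHA-512 of one file in a single read pass."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def sweep(root, indicators):
    """Walk root and return {path: [matching algorithms]} for every hit.

    Symlinks are skipped (and os.walk does not follow directory links) so a
    planted link cannot steer the sweep outside root."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            d = digests(path)
            matched = [a for a in ALGOS if d[a] in indicators[a]]
            if matched:
                hits[path] = matched
    return hits


if __name__ == "__main__":
    import sys
    # Default target is the Code Cache directory named in the report's Downloads list.
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expandvars(
        r"%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Code Cache")
    for path, algos in sweep(root, load_indicators(REPORT_HASHES)).items():
        print(f"{path}: matched {', '.join(algos)}")
```

Two caveats for using the report's list this way. The Filesize column is rounded (1KB, 5KB, 10KB), so size is not a safe pre-filter; only the byte-exact entries (152B, 531B, 372B, 368B, 16B) could be used that way, and the script matches on digests alone. And the files here are Edge's own cache and index records from visiting a Steam store page, so a match says a profile visited the same page with the same build, not that anything hostile was dropped; the value of the sweep is in reusing it with digests from a report that does show malicious activity.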