Analysis
max time kernel: 41s
max time network: 41s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-11-2024 21:15
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid | Process
4536 | msedge.exe
4536 | msedge.exe
4068 | msedge.exe
4068 | msedge.exe
3012 | identity_helper.exe
3012 | identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
pid | Process
4068 | msedge.exe (5 identical entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
4068 | msedge.exe (25 identical entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
4068 | msedge.exe (24 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4068 wrote to memory of 3912 | 4068 | msedge.exe | 84 (2 identical entries)
PID 4068 wrote to memory of 4616 | 4068 | msedge.exe | 85 (40 identical entries)
PID 4068 wrote to memory of 4536 | 4068 | msedge.exe | 86 (2 identical entries)
PID 4068 wrote to memory of 3752 | 4068 | msedge.exe | 87 (20 identical entries)
Processes
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://workshop.artwork-tiger.shop/
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 4068
Child processes of PID 4068:
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8736146f8,0x7ff873614708,0x7ff873614718
  PID: 3912

  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8558204619406602533,11971346883273732558,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  PID: 4616

  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8558204619406602533,11971346883273732558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 4536

  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8558204619406602533,11971346883273732558,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  PID: 3752

  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8558204619406602533,11971346883273732558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  PID: 1828

  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8558204619406602533,11971346883273732558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  PID: 4940

  Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8558204619406602533,11971346883273732558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
  PID: 828

  Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8558204619406602533,11971346883273732558,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID: 3012

  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8558204619406602533,11971346883273732558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  PID: 2056

  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,8558204619406602533,11971346883273732558,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3816 /prefetch:8
  PID: 3892

  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8558204619406602533,11971346883273732558,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  PID: 4496

  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8558204619406602533,11971346883273732558,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
  PID: 1040

Image: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 3012

Image: C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4484
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 99afa4934d1e3c56bbce114b356e8a99
  SHA1: 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581
  SHA256: 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
  SHA512: 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da
- Filesize: 152B
  MD5: 443a627d539ca4eab732bad0cbe7332b
  SHA1: 86b18b906a1acd2a22f4b2c78ac3564c394a9569
  SHA256: 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
  SHA512: 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d
- Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 528B
  MD5: c49df9fcf159cfabc7620e052e4773cb
  SHA1: 850e6280a6df417c4573531973364641d00433f7
  SHA256: 4f544916288a9f8724e3d2f7073d55a0326c6e58b22ce90a72c13a5e3b19a2c6
  SHA512: 26d050b38998cd24db3a1f28f78fadece4ee41e20fb9d0b57d662242970b3ee0a4944bdf00f8d1d5205241750d98f81490073e52c67fb3980f9768d4aa0e0036
- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 5KB
  MD5: 79ceb6af7b63f4dd9db3b41a3aaf3481
  SHA1: 25f631f5cdccf8aa96fa36a50b16790a21dc8e82
  SHA256: 28fb01761b5f2d2cefe29180b5adb6102daf19c7ad14f7c234371b82068765c9
  SHA512: 4a4c176caac9e0406d516b53945611f9a8e87f6fb1f77f6fed5f7b6705ffd9d5c660f5bf47774fced94b865746b0a1c04e01edb68920b326e348b85ac74e466f
- Filesize: 6KB
  MD5: 59ed5bedbb7f0cb06b7a4ef160ffff2b
  SHA1: 6d3ada7375e45ab3a4ddff9e909bdf55a580a3d6
  SHA256: 0110f262cf07f73494caffe905c5c757bfae41aead0f91a5c17191bdf7083458
  SHA512: edd4b61394c588d4e89e23032aacd873f1c1de68804cca2e27c8968fab6b54b81f3e0457ed06d0c1acd6eda5f611460da073a1b5fa66cc3ec2328698a1f8c13e
- Filesize: 6KB
  MD5: 2125cdabb4c584b93c80d29b154907ec
  SHA1: 0e0fe971aadabb5bd9c003417f3a5a6bd0689e68
  SHA256: c1642b6fd4da5d2ed4ae1d1eca0ba905ba2313f1e2d523f01e1e23c6d6ada2bd
  SHA512: c8a37a4027b2ff91fe905b71350e89360ee6ee7ede0ee489db6bb64a6001a09d5861d3f8177924f43cef788ee1439e61d47b9107ccf8d89a8459a9e27792fc05
- Filesize: 6KB
  MD5: 72b445cbf31e176ee66ee8d256bc2ba3
  SHA1: 25d19bad30beb8043a6276c185d38b43b65d965d
  SHA256: e64bdc819b3c71fa7d47a6f41226d084e1572d9c0d81f9791128a2003f5f5b85
  SHA512: e5c5834f715876b0e472aa1353c7fd6969799a078853382e5d09275eb945dd72b77882c127a9336313cc517fe121f464ba975476293315c451ee5e628ceca51d
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 10KB
  MD5: 82161cdbcc20f7c6855cf983726e6a7c
  SHA1: 6e771c599dd18ac42a269c7fd103046fa669e2c0
  SHA256: 3e541f238c4132286a0b99186fe469717ab37dbaf101b6f0e91c0d8aa0d4e2f0
  SHA512: ae71131468b25b941ea9db024507e145a769d01fce667faeec69e0964bd1878f817ced24caf25ba1cda438ebbc2c56e423e042e78d8f096e1363c3334868934e
- Filesize: 2B
  MD5: f3b25701fe362ec84616a93a45ce9998
  SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
  SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
  SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84