hxxp://themostamazingwebsiteontheinternet[.]com

Analysis

max time kernel
62s
max time network
73s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://themostamazingwebsiteontheinternet.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1972	msedge.exe
1972	msedge.exe
2940	msedge.exe
2940	msedge.exe
3624	identity_helper.exe
3624	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4832	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4832	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 552	2940	msedge.exe	83
PID 2940 wrote to memory of 552	2940	msedge.exe	83
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 4204	2940	msedge.exe	84
PID 2940 wrote to memory of 1972	2940	msedge.exe	85
PID 2940 wrote to memory of 1972	2940	msedge.exe	85
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86
PID 2940 wrote to memory of 2600	2940	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://themostamazingwebsiteontheinternet.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb386746f8,0x7ffb38674708,0x7ffb38674718
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,8199166752851520335,12734262241768911132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3460

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x40c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
1d4d24f503bab4a9158dd903d36d6024

SHA1
5c72047e3b8181f1d97efa5c4fc21c52a90a3a93

SHA256
7a00779f4c3cabc4e3f6fc8dc562fe4753960bb646bd722d36573bbdf3f61e35

SHA512
d8d6e273c775b77549939c7d9e826a277c6eb4fbf170b28902e0cbb9853b66eb3fbaa4a44e54daf36213d59b920b4925bd269a649246159fb6fd9d9eefd61a83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfbf165617552870f904dfc435b7cbd2

SHA1
331304c729bf8e0995299343aff0205477f1bae5

SHA256
6ee80f406db3249b93741873196e2a4b1675d3d2a70f910ac42057263b261dba

SHA512
a173bbed1cf5d2b8a2802bb492167ace9e1fb029907f75201cbaf2dde27bc5d934492d86b00d9dcf0b1f4347a03f48a1aaaa9abb1d33c1eb7390715d4f749b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c7c8e1cf34d415587a050d3fda37007

SHA1
02e1fc411a5cd4682a50d7294d1ab66c37baa38e

SHA256
dea558081875f5ca35baad6e3757c000303c1e0d48c25c8c70ca8786d60d1b06

SHA512
73f4cc16cc1a5205bc0f97da7ad49fd88b3e0fbd68ddc058be13deefca4927237084ac05d093045a8d97c0e7a44d8e8c053397bd6fce5b206e3f5c1b3370c554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
623725bebbda27833a95946c85634af2

SHA1
637d634d59ae2f5a5ebe026bb3459b4b6d6b9faa

SHA256
78a06a4a3d2c632d5a5a662ebf715dcce9d943c3eb32b291c27a4f74ffb859ad

SHA512
9426459bf2971cdb4025dd0f9de5d8b7bcf3c63e8f6aff4363f797c116d34799a7815f78e3a37d600517699f7a92be54b5eb9344b9ecb385456080e4e7834476

Download Submit