hxxps://eu50card[.]ru/e

Analysis

max time kernel
71s
max time network
73s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://eu50card.ru/e

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid	Process
1976	msedge.exe
1976	msedge.exe
3032	msedge.exe
3032	msedge.exe
4172	identity_helper.exe
4172	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	Process
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 3032 wrote to memory of 1504	3032	msedge.exe	83
PID 3032 wrote to memory of 1504	3032	msedge.exe	83
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 3356	3032	msedge.exe	84
PID 3032 wrote to memory of 1976	3032	msedge.exe	85
PID 3032 wrote to memory of 1976	3032	msedge.exe	85
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86
PID 3032 wrote to memory of 4760	3032	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://eu50card.ru/e
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff874cb46f8,0x7ff874cb4708,0x7ff874cb4718
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,3535811549895177484,268918678307362767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,3535811549895177484,268918678307362767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,3535811549895177484,268918678307362767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3535811549895177484,268918678307362767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3535811549895177484,268918678307362767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3535811549895177484,268918678307362767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,3535811549895177484,268918678307362767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,3535811549895177484,268918678307362767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3535811549895177484,268918678307362767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3535811549895177484,268918678307362767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3535811549895177484,268918678307362767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,3535811549895177484,268918678307362767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
8afc07ad5cc6569c767d95e1e86ba464

SHA1
fb2af4936623425de7187ebca704b0650303f576

SHA256
c9bce3565d5d85ac2ee9b61e43dcb6337bbbdcf8ce718b710fc9f695e9f5dcfe

SHA512
884ed383ca61369e52d4d66d6c7218321e2ce231896d674fdbc9219ba553aa6304585bea7aee13b51015099a1529ddacc8fa8f56d29f3f82821b7d16e00a27cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
fdf24fea46279903581b28a06a4be509

SHA1
9e8fc89116459354410b2677862fc0ff56692646

SHA256
8cf5a0bf9099bb69f9a82bd1d9b27b14101b957f3603e1c0dd0df10f629341fe

SHA512
4491e22ce1d3e564555aacdf9144dc1ac423f15a4d821728e08fa23d9068be5f92248d2ed7361ca1642bb7e4f4c803c02dc91d1075e78ac9d2620d29af0cf9d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
15d15cc38baead5aa0a18a4dd3b7c67d

SHA1
c5ea697a1775362fbb0d1533d6f43da7d8f2715b

SHA256
09b68cd1f96fcdf54653f5d8aa78f323ce7f159155833bfc0e342c854c0a0d06

SHA512
5658eb1fead4f1d5b98bde7a522950796928b31f6ef635285b9906f348b66bd713d4a9665f4f2587ec100080693b16f9d70e059959aabd1652c69227a1529c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27762d7220398345a9f73bd9592fb092

SHA1
68bff901146eb0800b442979c24de449868811c5

SHA256
f104b9a995e457d4c5bd4466d0bbc6e314362990d84c0c637bf71ed51f3e6efd

SHA512
c829f0b2114f91a32cc325c2ccf6a414e690d642e37263d693e33c2131fc42e78d4b8edf278a131dad04bb787497c45f1a361906e7fbad5c33151ef2c7524db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef698d8c8ebbc9cf9492f9869832f8ad

SHA1
62f3fe9b60e88b36ef848985d626048c13917beb

SHA256
9a32b322f464994ea293d89ec57182f595ea9bb8366bf6b3c8a2648ba84bb7e1

SHA512
1a529efd1757314b297cca5e93662d0cb97614be0bcabe0b2f490bc420f37622b50ad32339537b40bcbe0ed29337c8bf48284b926cec921dece8af9357fbcc7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
5c90a39f9eca2902c5c63add28cf0ae2

SHA1
86345ea3dacd16693453e9c731edc0c2500960d5

SHA256
badcd4a112b0cd1ed6fe83414982f3ec85477b28647a2265382534f42240fc6c

SHA512
f36c356ba172a65abaf2d1b84ed07624326c7bc60bb889eba0682f36215d75e1e45bc116c311c4f2376c451e597e88e639041912c8386b4e13dd3ca79b68a2ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585a21.TMP

Filesize
203B

MD5
23f6f9b52093c36b99a9dfec48167bfa

SHA1
afc3de12311b5ab6168a647a099c6c601a786086

SHA256
85befcccc90f65ad4403eb4e3197fbf725719eb6388c7ec58781b802d31c4e95

SHA512
d6a1d2b084cee217f3b62b6c734645a4761841776fb8aa75e1125984ffe898c82b7f56a4694ccc9017fc77824af029fc4ddcc6f447157c11fb6f3122d0e54c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
08687899d987f2cdbc41b32cfd15628b

SHA1
6312dc41201e1d78a7edbb64afa77916eb6d142c

SHA256
e7f7171ffea86f190426cf5ddfd048acff48a16400fb973e9b01888028ed2cb8

SHA512
7ab9e431aa666ad02f6693da90eb432699fee0f318194de10610b6d9eac06d9fcd2cb97556c443ce7c74326f66d8d88818e22a1f0d88f91398e0afbef60f3218

Download Submit
\??\pipe\LOCAL\crashpad_3032_KFQAFAAIPOTOLXDK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit