Analysis
- max time kernel: 31s
- max time network: 33s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-11-2024 06:50
- Static task: static1
- URLScan task: urlscan1
Malware Config
Signatures
(identical rows of the original IoC tables are collapsed; the count of repeats is given after the row)

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe
  pid   Process
  4276  msedge.exe            (x2)
  3372  msedge.exe            (x2)
  1696  identity_helper.exe   (x2)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  Processes: msedge.exe
  pid   Process
  3372  msedge.exe            (x8)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid   Process
  3372  msedge.exe            (x25)

- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid   Process
  3372  msedge.exe            (x24)

- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description                        pid   Process     procid_target
  PID 3372 wrote to memory of 3664   3372  msedge.exe  83             (x2)
  PID 3372 wrote to memory of 2900   3372  msedge.exe  84             (x40)
  PID 3372 wrote to memory of 4276   3372  msedge.exe  85             (x2)
  PID 3372 wrote to memory of 1876   3372  msedge.exe  86             (x20)
Processes
(indentation reflects the process tree; the image path is followed by the full command line and any signatures matched on that process)

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3372)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.paypal.com/id/home
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3664)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f3e046f8,0x7ff8f3e04708,0x7ff8f3e04718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4441459758687297073,4957848506621949818,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4276)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4441459758687297073,4957848506621949818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1876)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,4441459758687297073,4957848506621949818,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4808)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4441459758687297073,4957848506621949818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4441459758687297073,4957848506621949818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1320)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4441459758687297073,4957848506621949818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4760)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4441459758687297073,4957848506621949818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1696)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4441459758687297073,4957848506621949818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1808)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4441459758687297073,4957848506621949818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2252)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4441459758687297073,4957848506621949818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4660)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4441459758687297073,4957848506621949818,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5312)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4441459758687297073,4957848506621949818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5320)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4441459758687297073,4957848506621949818,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

- C:\Windows\System32\CompPkgSrv.exe (PID 4532)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 4456)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 3668)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
(entries without a path were reported with hashes and size only)

- Filesize: 152B
  MD5: dc058ebc0f8181946a312f0be99ed79c
  SHA1: 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
  SHA256: 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
  SHA512: 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

- Filesize: 152B
  MD5: a0486d6f8406d852dd805b66ff467692
  SHA1: 77ba1f63142e86b21c951b808f4bc5d8ed89b571
  SHA256: c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
  SHA512: 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

- Filesize: 216KB
  MD5: f0fa8f422f6517d20e780b45bb554ddb
  SHA1: fc044889a737ca702b6b3165a3dee147163c46d3
  SHA256: f90a9cb8c7de4ce64526ddc7ae4c5572f0e605a67ddda51da7da6b9884d580f4
  SHA512: 6404379d368c71e5eb32c8e45fc12239dd579808bdb63010ed62a4c6839778f67bce91dc976e03b318783512f6df574014c066e4350e633dfb1c55d9de1c74a6

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 576B
  MD5: c01895e8a96f3b207514d0f7f8bb55e0
  SHA1: 3d70c97cd48d1692b92df0c87b624e9e7672ddd6
  SHA256: a2fcf1b49ec19c6445ef84495e12cada45c643f0707c33077d9035a041cb70ff
  SHA512: d91ae462c241a9f109e360a94fe2c0da5c66afee3b2bcf7cd7dd3f2d13714aa7ccb28a438bf45d9aed5ac8d65d55e45fb1dd73c772f2c29259ba2ae857fd2baa

- Filesize: 7KB
  MD5: 3bc668185a5467433cd39af3620d552c
  SHA1: 392e1ec3ab9f744d4207a16d85d941f4e9db5a2f
  SHA256: bd4821ab4736e35f96973caf49b09c49adb80ea7be77ca8f3232043fd5fad514
  SHA512: 9569e1b5eb3037aedda75230946cb50b1e7fb3a6d6d6d408fd79339ff6357dd0dc1a3c920c2322bcc0a12a99278ca9c0602761a49a2f6a61fb16518c488d0a8e

- Filesize: 5KB
  MD5: 1f5563d11610f9d3d2a589c9a2a3bc51
  SHA1: 5aa2bac4967a1b65cfad808f8df8f677daf459e5
  SHA256: 5d54f7954f7c3c183d2a609880936228fddca7790e81661d47b9929220410d2b
  SHA512: d4df5aac1e9bd98d90e8e28ba8736aadaf327c2ca778bc48599a4b4b9325791be5e198f52daf5c06f26e3f79d1226774a604381d7e037b183daea534efe9970c

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
  Filesize: 99B
  MD5: 9d70312fe66101e5ac959dc2d19053dd
  SHA1: 2120995004d3c7fc15b5da117da2b78c4f7649eb
  SHA256: 959ceea188cd5ddd5b175ab9665e3d87ba278795ef914eb9c53b2c579ccb0e74
  SHA512: 489a012811bd13cbd5d6bd24a17e42492855e28abb9e7a6c4a3d4bb1303010ca9428f95e40f505dd817018658dc32909efb3a30fcfad0f0b015faaa3f91dacb7

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
  Filesize: 35B
  MD5: 343859b4ad03856a60d076c8cd8f22c3
  SHA1: 7954a27de3329b4c5eefd4bdcb8450823881aad6
  SHA256: 8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f
  SHA512: 58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5: e333212de6c6c225e7bcb63fb9c4a7f4
  SHA1: e35bacc72d609e3af89ce77cd006e6e52ca00e73
  SHA256: b50cbd8b094faa1b0c92a32c12e7e48da33c156a9d0770f1c28191808b9dec7d
  SHA512: 6cb60b247d74b85200e18225803113a3017ff48195ef9d23c338e43c0add3b68dfc816f2ad627cded0ff0f5bc81bd50b7129c5e9d745ccd0ddd88f59217e3f34

- Filesize: not reported (these are the well-known digests of an empty, 0-byte file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e