Analysis

max time kernel: 145s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-12-2024 11:35

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://is.gd/20ppKN
Resource: win10v2004-20241007-en

General

Target: https://is.gd/20ppKN
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
4864 | msedge.exe (2 entries)
3636 | msedge.exe (2 entries)
4776 | identity_helper.exe (2 entries)
4608 | msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid | Process
3636 | msedge.exe (7 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
3636 | msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3636 | msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs; 64 rows in total, identical rows shown once)
description | pid | Process | procid_target
PID 3636 wrote to memory of 1304 | 3636 | msedge.exe | 82 (2 entries)
PID 3636 wrote to memory of 2216 | 3636 | msedge.exe | 83 (repeated entries)
PID 3636 wrote to memory of 4864 | 3636 | msedge.exe | 84 (2 entries)
PID 3636 wrote to memory of 3004 | 3636 | msedge.exe | 85 (repeated entries)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3636)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/20ppKN
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1304, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff952c546f8,0x7ff952c54708,0x7ff952c54718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2216, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,12196655500218746140,18260285495926511164,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4864, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,12196655500218746140,18260285495926511164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3004, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,12196655500218746140,18260285495926511164,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4688, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12196655500218746140,18260285495926511164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3592, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12196655500218746140,18260285495926511164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4172, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12196655500218746140,18260285495926511164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2512, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,12196655500218746140,18260285495926511164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4776, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,12196655500218746140,18260285495926511164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4780, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12196655500218746140,18260285495926511164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 456, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12196655500218746140,18260285495926511164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 684, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12196655500218746140,18260285495926511164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4668, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12196655500218746140,18260285495926511164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4608, child of PID 3636)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,12196655500218746140,18260285495926511164,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2640 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 800)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2964)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: b8880802fc2bb880a7a869faa01315b0
SHA1: 51d1a3fa2c272f094515675d82150bfce08ee8d3
SHA256: 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
SHA512: e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Filesize: 152B
MD5: ba6ef346187b40694d493da98d5da979
SHA1: 643c15bec043f8673943885199bb06cd1652ee37
SHA256: d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA512: 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
MD5: 99565412e7212ad2f5536a0535a7979c
SHA1: 9654765765f6e1230c4ae6aa1690e6f2f17c3dcd
SHA256: 6c937d43e681fac7c5943288704c8b17e04389e62b92f3578c421a670a2c060c
SHA512: 88a602feb9a28d6705d7e3ed9a7da38317501b2b4062cf932a5bbacd2dacf30d42e1dd27979bf3cdb54158c217233d07a8c3496516243e1759e38a76406a84c9

Filesize: 1KB
MD5: 4cdde4b63ec7ee1af7154576ecd610ab
SHA1: a46cc70dfb4cd07cb2bca09894d76e14318fb124
SHA256: f9566d88665b0707c19144d680f362eee29db86cfdeee519411dacc0da0838d7
SHA512: bb830e449bb1f2b71286f604993d6c88574a980e240060413c85cae98df8117864c49a88acead133b0beec49dfd46ab6fc742b5228a8a067cec18b8b20853bbb

Filesize: 6KB
MD5: f27d203297fc5749da56397534c14db0
SHA1: 27151f35f5d9163b60ce76fd7fe066640ead1c41
SHA256: 4b62640945c3867cc5865355b285dd71c0b9feecb324de014fefe3edda35c753
SHA512: 9277e7fc35b049311711925861e694a2dd5244b98aae477aab185a7679517afc893feae2234d4931d7b7cbd92cfc718b031dcdc27b6c33ab6449dcb51aca6faa

Filesize: 5KB
MD5: ff16e2e6cbc7d4670ae9f6ad6248fc36
SHA1: a43e94a489be19089ac454fe0fd22e1b87ce320b
SHA256: b2c3492b23f8e09a9e7234076981f6b87b7609f598969091e4da20ad25b3a62e
SHA512: aa636c3aab3c300c679cdcd3668d01727cc2dd6890162aae04fa1f321d1347c7eb4fead82b86af094e30c508e64f3b98890989ffb9c2a1ba7d3db1a0460a38ac

Filesize: 1KB
MD5: 0edf9601bd535b5ef42fba78f820503d
SHA1: c16a23ad65a4635f4d39b2b5a2820bc10c874665
SHA256: eefde74e32d12f0ccdeb70358f1eb9a4778df5e602be5747c5b920b97727507d
SHA512: 6365917a3a069db715958c7682024807d72eae224f889c730edefdbdd6bf9f85e055c772388b035d5245dbf1768f46b8ec9bdf8bc086fea0caa7ce58d12386da

Filesize: 1KB
MD5: 2843103f64fb1d2d0676c7164a432e44
SHA1: cbc3a223b3516c43fa748b5e0d618dcfd051ab5c
SHA256: f84626162cce3220750db8d0edb3ba28377d1bcc76cf4e116cf2436513506996
SHA512: 1a5225d5fb1a2e6d080d52bdc7273d0c4ac8aa96dd89543f6b2617c1263bbff9e06e62266fb908bf2ea416f0c1ab5eea31875fb7902dd30b840a224566765639

Filesize: 1KB
MD5: 0af4a9e07f2d1a7b8ef940b92f708a73
SHA1: 5d933c540707e6efbeee56965d6864e8d6aac4d0
SHA256: 1e70a5a3e48403a4308295b20ef4c994278910d1618addde43df64fb4838d084
SHA512: ee7edc88dd52bdb2d9171c011ae4e72e5f01d776e29e631aa669f83b6fa9e7c8a67f69912ba20e3b06a1c9b90062ef04066183783808f7976220592999a41d0b

Filesize: 1KB
MD5: 28c74c7786ef0a001d0eebedde1a7fb3
SHA1: a22cfd541913d4a95abbd7ac31ab3be0aa033d43
SHA256: aaaa78e1d85cf14bf91ddb81b3d913523b6269ba7c969bcccd7dea560ad6f436
SHA512: 4d7e13734361ee79c5ec83179144ab0f342070637497fd20b58c9bb956cd13144bddefcc8e18159322097cfd889ef10e2451b861f7d93f739dfcd6e491c03b82

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: 1660a1fb5c0ca78283702066b3c3cbea
SHA1: a9b495f04afa558c86309f9e3d4eea6875d57192
SHA256: ab8887dd781d1e515f194e4be1f7f0bbf3521066e54616df3cae5e8eb1d978fb
SHA512: ed41c721812b66aa8b792c8b153d269193e0e36003d004d5f587f0cab5a6157d8fb1d613b0315d39d3d7f5accb2cebf2e60720345048a72a246105034dda1e08