Analysis

max time kernel: 145s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17-12-2024 15:20
Tasks

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://wise.youresuchababy.com/?toko=EzszcDbLboETIIonUoSykFqXesOHkZlbIAwVXqckBSitsWmhPpdhUpeEjfdQQXxVxpPDkppuMWZr
  Resource: win10v2004-20241007-en
General

Target: https://wise.youresuchababy.com/?toko=EzszcDbLboETIIonUoSykFqXesOHkZlbIAwVXqckBSitsWmhPpdhUpeEjfdQQXxVxpPDkppuMWZr

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

description       | ioc                                                                          | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName         | msedge.exe
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                           | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer        | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)

pid  | Process
4360 | msedge.exe (x2)
1460 | msedge.exe (x2)
4876 | identity_helper.exe (x2)
4480 | msedge.exe (x4)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)

pid  | Process
1460 | msedge.exe (x6)
Suspicious use of FindShellTrayWindow (25 IoCs)

pid  | Process
1460 | msedge.exe (x25)
Suspicious use of SendNotifyMessage (24 IoCs)

pid  | Process
1460 | msedge.exe (x24)
Suspicious use of WriteProcessMemory (64 IoCs; the report repeats identical rows, collapsed here to the distinct entries)

description                      | pid  | Process    | procid_target
PID 1460 wrote to memory of 2552 | 1460 | msedge.exe | 82 (x2)
PID 1460 wrote to memory of 5008 | 1460 | msedge.exe | 83 (repeated)
PID 1460 wrote to memory of 4360 | 1460 | msedge.exe | 84 (x2)
PID 1460 wrote to memory of 3676 | 1460 | msedge.exe | 85 (repeated)
Processes

(Process tree; each entry gives the image path, the full command line as recorded, the PID, and the signatures matched on that process.)

msedge.exe (PID 1460)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://wise.youresuchababy.com/?toko=EzszcDbLboETIIonUoSykFqXesOHkZlbIAwVXqckBSitsWmhPpdhUpeEjfdQQXxVxpPDkppuMWZr
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  msedge.exe (PID 2552)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb48b546f8,0x7ffb48b54708,0x7ffb48b54718

  msedge.exe (PID 5008)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14993756800852777379,1724447433817510,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

  msedge.exe (PID 4360)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,14993756800852777379,1724447433817510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 3676)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,14993756800852777379,1724447433817510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8

  msedge.exe (PID 2148)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14993756800852777379,1724447433817510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

  msedge.exe (PID 3204)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14993756800852777379,1724447433817510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

  identity_helper.exe (PID 4888)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14993756800852777379,1724447433817510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8

  identity_helper.exe (PID 4876)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14993756800852777379,1724447433817510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4636)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14993756800852777379,1724447433817510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

  msedge.exe (PID 1624)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14993756800852777379,1724447433817510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

  msedge.exe (PID 1300)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14993756800852777379,1724447433817510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

  msedge.exe (PID 3808)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14993756800852777379,1724447433817510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

  msedge.exe (PID 4480)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14993756800852777379,1724447433817510,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 /prefetch:2
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 216)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 4664)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: b8880802fc2bb880a7a869faa01315b0
SHA1: 51d1a3fa2c272f094515675d82150bfce08ee8d3
SHA256: 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
SHA512: e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Filesize: 152B
MD5: ba6ef346187b40694d493da98d5da979
SHA1: 643c15bec043f8673943885199bb06cd1652ee37
SHA256: d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA512: 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Filesize: 480B
MD5: ed6aeeb3d15d74dcdfe97f766b8d3805
SHA1: c2c63579640283722d49392238983a0458c14a36
SHA256: 6f4019e0ab995657d07878f3d220c34f5be52e8d92279a951fcb31f0ff242594
SHA512: ed88d3959a4d3cbb00a512981332a45641034714b8edd0f27f81bf38e923b84dfa55591807fcf890acd512b8f6ef363cb88cc6eb78816a75d8f4808465f8a787

Filesize: 6KB
MD5: c707e4e1412b7c7a028f4ad1a690c2a3
SHA1: eb850898aa4486fc90c4bfeaad80e94ea57d5eb5
SHA256: 1a32633650da3fc6cc9071f36527814ccba966256f1c201d81929a1981175626
SHA512: a51ff4e75cb71b441663749351b30c6c34d9786666d8021fbae3fccf1763cb21d447cc98014c4ae60ee54e2532e8d8b7591f8836394dd1fca9e3915a61e31f60

Filesize: 5KB
MD5: 596353676a5755b48b331346fdb74f7c
SHA1: 149c67e2e422bd7ca9453121c2308a0953787983
SHA256: a310f28aedc67cd6ef5038db9fa0136d9ebd27a2ab88ae59039323e3fbf8cc20
SHA512: 7f155366a182ce810f60fb1ec28e78595dca1d7319b2d1e2a3bf160bb46d8ba011a5d4ca3383b916ab6d74823339153be859d4503eb4bf81fe97191a883f2685

Filesize: 6KB
MD5: 378e0efef0b56fe138438324325c2dc5
SHA1: 2894f9604d156b8215fd0ea3d44169869adbf859
SHA256: 481703e90f68d7d723a2fbbd40b066249f28e58e20ac3aabfa33a83f42005450
SHA512: 38aca84d1fa0f3a5628552323e5bbbaee0afcdc087e417453ad3c36d5a7c1da3dde7df6b33284f937244ab78eda3d8ae02390ee847631fc4da97611e53e7efc3

Filesize: 6KB
MD5: 11d89b2a96bddfaba810362b63cb7ddc
SHA1: 06fdfb72812436356f212cfaccd7ec4bae36114f
SHA256: a10a4f4cf37ec745756383ca610a24fb46b78e3cf73de962b5e457e783185c1f
SHA512: d637fcbc70eba94ae769db1fe604042af3bdd08a8b7e9ef07e5eeeb65ecbb2ab6e1c532ca76ffa44cf809d4cba28fa6d1faa663b08299b119d8aa3266097e260

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: b35a5b5047208de2478b860084915cd0
SHA1: d685727fe9ec0ef9a1edf8b1f1281a0bfff6669f
SHA256: ddc8ebabd9c9eda443f5b7b04cf79620ad826b5c7209bd37d8df151034dedc78
SHA512: 6150e252174afd04fd558d1899e13bb5ba953efd1da9a433441d3ffc04cd9e80c37bd6476c9fcbf0661e2a6c1485913736225b39a4f17aec272685412a85efa7