Analysis
max time kernel: 40s
max time network: 39s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 20-12-2024 15:38
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid | Process
  1772 | msedge.exe
  1772 | msedge.exe
  1700 | msedge.exe
  1700 | msedge.exe
  656 | identity_helper.exe
  656 | identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  1700 | msedge.exe
  1700 | msedge.exe
  1700 | msedge.exe
  1700 | msedge.exe
  1700 | msedge.exe
  1700 | msedge.exe
  1700 | msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1700)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://rjhelp.top
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 540)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd450c46f8,0x7ffd450c4708,0x7ffd450c4718
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4576)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,18038084719747983515,15817896360479779707,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1772)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,18038084719747983515,15817896360479779707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3840)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,18038084719747983515,15817896360479779707,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2440)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18038084719747983515,15817896360479779707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3196)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18038084719747983515,15817896360479779707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,18038084719747983515,15817896360479779707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 656)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,18038084719747983515,15817896360479779707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18038084719747983515,15817896360479779707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 964)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18038084719747983515,15817896360479779707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4544)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18038084719747983515,15817896360479779707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3008)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18038084719747983515,15817896360479779707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1172)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18038084719747983515,15817896360479779707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe (PID 3536)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 1748)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads