Analysis
max time kernel: 46s
max time network: 48s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-12-2024 03:44

Tasks
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://surl.li/ksqjbm
Resource: win10v2004-20241007-en

General
Target: http://surl.li/ksqjbm
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
description       | ioc                                                                   | process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
Note: the reader is msedge.exe itself, not something fetched from the URL. Chromium-based browsers query these BIOS values for their own hardware/model reporting, so on its own this hit is weak evidence of VM or sandbox fingerprinting by the target site.
-
Suspicious behavior: EnumeratesProcesses (6 IoCs)
pid  | process
4648 | msedge.exe (2 IoCs)
1000 | msedge.exe (2 IoCs)
3836 | identity_helper.exe (2 IoCs)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
pid  | process
1000 | msedge.exe (all 10 IoCs)
Note: this signature fires when a process is created with the "block non-Microsoft binaries" process mitigation policy. The browser process applying that policy to the sandboxed children it launches is consistent with the Chromium sandbox, not with evasion.
-
Suspicious use of FindShellTrayWindow (25 IoCs)
pid  | process
1000 | msedge.exe (all 25 IoCs)
-
Suspicious use of SendNotifyMessage (24 IoCs)
pid  | process
1000 | msedge.exe (all 24 IoCs)
Note: both are taskbar/window-messaging calls expected from a foreground GUI browser; they carry no weight unless a non-browser process makes them.
-
Suspicious use of WriteProcessMemory (64 IoCs)
description                      | pid  | process    | procid_target
PID 1000 wrote to memory of 3348 | 1000 | msedge.exe | 83 (2 IoCs)
PID 1000 wrote to memory of 3388 | 1000 | msedge.exe | 84 (most of the remaining IoCs)
PID 1000 wrote to memory of 4648 | 1000 | msedge.exe | 85 (2 IoCs)
PID 1000 wrote to memory of 4044 | 1000 | msedge.exe | 86 (most of the remaining IoCs)
Note: procid_target is the sandbox's internal process index, not a Windows PID. All four write targets (3348, 3388, 4648, 4044) are children that PID 1000 spawned itself: the crashpad handler, GPU process, network service and storage service in the process list below. A Chromium parent writing startup data into children it has just launched is expected; the finding this signature is meant to surface is a write into a process outside the writer's own tree, and there is none here.
Processes
(Browser build, from the crashpad annotations: Microsoft Edge 92.0.902.67 on Chromium 92.0.4515.131. Indented entries are children of PID 1000; the two CompPkgSrv.exe entries are top-level.)
-
PID 1000  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://surl.li/ksqjbm
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 3348  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9eb5a46f8,0x7ff9eb5a4708,0x7ff9eb5a4718

  PID 3388  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

  PID 4648  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  PID 4044  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8

  PID 5072  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

  PID 5080  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  PID 2080  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

  PID 2400  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8

  PID 3836  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 4360  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

  PID 4304  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

  PID 1540  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1

  PID 3180  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

  PID 1456  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1

  PID 4088  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

  PID 1796  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,6148713287831153762,11372071533500241884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
-
PID 3884  C:\Windows\System32\CompPkgSrv.exe -Embedding
-
PID 2684  C:\Windows\System32\CompPkgSrv.exe -Embedding
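The check a reviewer does by hand on the WriteProcessMemory signature above, written out as an added example (this is not tria.ge code and is not part of the original report): every writer/target pair is resolved against the process tree, and a write counts as expected only when the target is a child the writer itself spawned, runs a `--type=` helper, and lives under the writer's install directory; anything else is flagged. The tree and the four distinct (writer, target) pairs are transcribed from this page; the write into CompPkgSrv.exe in `EXTRA_EVENTS` is constructed to exercise the alert path and did not occur in the report.

```python
"""Classify WriteProcessMemory IoCs against a sandbox process tree.

Added example, not part of the report and not tria.ge code. PROCS and
REPORT_EVENTS are transcribed from the Processes and Signatures sections
(depth-2 entries are children of PID 1000). EXTRA_EVENTS is CONSTRUCTED.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None for top-level entries in the report
    image: str            # executable path from the command line
    args: str             # enough of the command line to see --type=


# Transcribed from the report's process list (children of PID 1000 only where needed).
PROCS: Dict[int, Proc] = {p.pid: p for p in [
    Proc(1000, None, EDGE_DIR + r"\msedge.exe",
         "--start-maximized --single-argument http://surl.li/ksqjbm"),
    Proc(3348, 1000, EDGE_DIR + r"\msedge.exe", "--type=crashpad-handler"),
    Proc(3388, 1000, EDGE_DIR + r"\msedge.exe", "--type=gpu-process"),
    Proc(4648, 1000, EDGE_DIR + r"\msedge.exe",
         "--type=utility --utility-sub-type=network.mojom.NetworkService"),
    Proc(4044, 1000, EDGE_DIR + r"\msedge.exe",
         "--type=utility --utility-sub-type=storage.mojom.StorageService"),
    Proc(3836, 1000, EDGE_DIR + r"\92.0.902.67\identity_helper.exe",
         "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService"),
    Proc(3884, None, r"C:\Windows\System32\CompPkgSrv.exe", "-Embedding"),
]}

# Distinct (writer_pid, target_pid) pairs behind the report's 64 WriteProcessMemory IoCs.
REPORT_EVENTS: List[Tuple[int, int]] = [(1000, 3348), (1000, 3388), (1000, 4648), (1000, 4044)]

# CONSTRUCTED: the browser writing into CompPkgSrv.exe, a process it did not spawn.
EXTRA_EVENTS: List[Tuple[int, int]] = [(1000, 3884)]


def _install_dir(image: str) -> str:
    """Directory part of an image path, lower-cased for comparison."""
    return image.rsplit("\\", 1)[0].lower()


def classify_write(writer: int, target: int, procs: Dict[int, Proc]) -> str:
    """Return a verdict string for one writer->target WriteProcessMemory event."""
    w, t = procs.get(writer), procs.get(target)
    if w is None or t is None:
        return "unknown-process"            # target missing from the tree: cannot judge
    if t.ppid != writer:
        return "alert-cross-process-write"  # writing into a process it did not create
    # A Chromium parent writes startup data into children it has just launched;
    # accept that only for a --type= helper under the writer's own install dir.
    same_install = _install_dir(t.image).startswith(_install_dir(w.image))
    if same_install and "--type=" in t.args:
        return "expected-child-spawn"
    return "review-child-other-image"       # own child, but not a browser helper


def triage(events: List[Tuple[int, int]], procs: Dict[int, Proc]) -> Dict[str, List[Tuple[int, int]]]:
    """Group events by verdict so alerts can be read off first."""
    out: Dict[str, List[Tuple[int, int]]] = {}
    for writer, target in events:
        out.setdefault(classify_write(writer, target, procs), []).append((writer, target))
    return out


if __name__ == "__main__":
    for verdict, pairs in sorted(triage(REPORT_EVENTS + EXTRA_EVENTS, PROCS).items()):
        print(f"{verdict:28s} {pairs}")
```

Run on the page's own pairs every event lands in `expected-child-spawn`; only the constructed CompPkgSrv.exe write is flagged. The same function works on a live EDR feed if the tree is built from parent PIDs instead of the report's indentation.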
Network
MITRE ATT&CK Enterprise v15
Downloads
Note: the only entry with a path is Edge's own Code Cache index under the user profile, not a file served by the target; the other entries carry no path in the report.
-
Filesize: 152B
MD5: 6960857d16aadfa79d36df8ebbf0e423
SHA1: e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256: f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA512: 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe
-
Filesize: 152B
MD5: f426165d1e5f7df1b7a3758c306cd4ae
SHA1: 59ef728fbbb5c4197600f61daec48556fec651c1
SHA256: b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
SHA512: 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
MD5: 14364a50a233b3253329559b781c3470
SHA1: c8b5489f83d10a8ef02a76f8791a7d255d9ef756
SHA256: 1ccddc215e7953febed73ccfc96cc782817b75bc00290bd6f4a0fdb421805e4a
SHA512: 71aa9c9018e7c1e6ffaa1822bfca41fb0aa485bcfc386cf2c0614fd20124eb14c36ce34282736eeaf62e4bff2eec30b64b15d4bb19ef6f68a0e19ea92d5b0188
-
Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize: 5KB
MD5: 02fdd083904ae3de2b733313d584233e
SHA1: 77040d7ecf64a4b160d896e62a3633796c7bdf2a
SHA256: 17dfa59d3eaf4c262dce5fc99b88363e8516f4862955504e38c481fb3a845420
SHA512: 1d6f35661901306a698e11b691718a10f590adc2bb472282faa6adf16d135cb6b98d80bd252b23112be4f633b1920ba6af7770f8402e5c502a53d663c1110a83
-
Filesize: 6KB
MD5: 22de3c29786abdc66db5b5b76354f42e
SHA1: 49b2749132e40bcef479292a7c311f8eb8404614
SHA256: 81cc4a75df42847add9317a84b4a0fc3a8547b26c67c29fdb9699d48a1d15716
SHA512: 0ddc816e585382b1fa613c749881bd651d8af7eaaf1524193628084809753597c12972746e3f709ce5ca66d5b77a268dbb062c85900c90c897b3fd9870223a62
-
Filesize: 1KB
MD5: 38873df2a1b8f86febfe43000529fb3b
SHA1: b3d993d3eb7ae080c7c59393c33517371ff88701
SHA256: 6a45b76992345ebde6d9d100df2c1148d5cff5c217c44256b1a6cfe43a99f6e7
SHA512: 2315f5bc22b8ce46368d1e83ec4df3f085d8675d1743968844321aacb17c0dfe18639f45d8140f042b79fff7581a877925de2e556707b2a98119bb67dcea7272
-
Filesize: 1KB
MD5: a48e505ce4e30c002a26f686f7503093
SHA1: 97e25bf96b9601fdc8ed1c819d30b06e78a910e5
SHA256: 7e8108f4c20a515c655ad228da5e338878e3754c3514858e815b24527d1a8a33
SHA512: 4a44c76660272131076d4bbf7bb3be4adb06468724f0fbf686946ac283c872c2b2a91ec13b2c6838b694ce2f4613c32431a400572c7acfd10ced45f6390a2c6c
-
Filesize: 1KB
MD5: 6262aeabe9536e8e421f9f478f891ee4
SHA1: 4c34c997ff37ef31426ebb20e9902cf3081a1181
SHA256: 51ebfde7f880ce5b0f3eb6b6f4e8c8744a313dad0868e4ff6731bf6a480cd895
SHA512: 8fe8b25613d22a8e4a8863f3731b5564b5e3dc31de3ac4d704e24e6c81ef54ef0075ad4c3c37a306fc21990a535a2704cf90e5f143a5e9bfd4f62cddfb7e3fcf
-
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize: 10KB
MD5: 89e3be536d0e22b651d069c4d113a108
SHA1: b3c317ec86cbe5c5d52590303041225a930f8851
SHA256: beab4ff6e9fee62916992cd97a7aa7373430679ab5f21d50ec2321d22bdbacd4
SHA512: 49f04110120692efa2fa38e6a1b1cdaafa74d03c869ed88af621d1dc0114e7a70187f8550ec2225a9017f82918e8f93cb39456b6cd30052d46180d0cdaead455