hxxps://konnnnn[.]srv64[.]de/

Analysis

max time kernel
77s
max time network
78s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
08-01-2025 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://konnnnn.srv64.de/

Score

5^/10

google microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand GOOGLE.
phishing google
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
656	msedge.exe
656	msedge.exe
2940	msedge.exe
2940	msedge.exe
3560	identity_helper.exe
3560	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 4688	656	msedge.exe	77
PID 656 wrote to memory of 4688	656	msedge.exe	77
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 444	656	msedge.exe	78
PID 656 wrote to memory of 4852	656	msedge.exe	79
PID 656 wrote to memory of 4852	656	msedge.exe	79
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80
PID 656 wrote to memory of 4280	656	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://konnnnn.srv64.de/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff20773cb8,0x7fff20773cc8,0x7fff20773cd8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,7604978389419611026,3102195039794140872,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,7604978389419611026,3102195039794140872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,7604978389419611026,3102195039794140872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7604978389419611026,3102195039794140872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7604978389419611026,3102195039794140872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7604978389419611026,3102195039794140872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7604978389419611026,3102195039794140872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7604978389419611026,3102195039794140872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,7604978389419611026,3102195039794140872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,7604978389419611026,3102195039794140872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,7604978389419611026,3102195039794140872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
3b9aed968895510c57581befca6a50fe

SHA1
fced70584f6fc10edc80600226f2ed52051c80fa

SHA256
510cc9175318b9aa7617a3d29c3a8fb1bd4cc7cdc23999d1fcc3f04faa0ef561

SHA512
0001a12b596f31523475259c78ab65a87b135321fa7c1f94dc1ab85998af63d2cb82628bddce92d16deab4c893bd58a3de6f938ac53889706df2275afef82359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
264B

MD5
c1746b23af8210a78b031798ac1c262a

SHA1
31cbf69561f101d7de2d93f9b0eab394cdf9c50b

SHA256
af6094fdc8d7bbf17c42bb7e9753ee059b76f896f1c461d5e955c961cf1cdc7b

SHA512
4a2d438a8b40bf0882ce859096fdd317003b6248b6aa385cf38b5bcb3a098a59c49d02721a70a3712544b3d88437036d91699a52d78ed5ab264b7934488f0732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49fab101efc8a51c0fd701bff99a6add

SHA1
4e4152fda54b7e9e21614d2c05c47d6fb2176a87

SHA256
ba55783475ae870239ace10d6f6190d1d6e1576016934ece838b62546c5fe069

SHA512
edca41fdacffecd757f7f7c5d9fdb4f0420bd6e0a3e50ffc0a3b8b25feb1d6b4e4d844b343bee484b20a2f8c69934e16a553ae7d9119600d49c833f8c04f7136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5e196429de8c5249e0471df3a83a4b63

SHA1
55bb02a8b80df32e7550473346cbe3c490df99fb

SHA256
ca03267b5b21b3cc47f5e2ee6c69f67b20ec36279b4e6daf2594c266e80f6189

SHA512
49e290b773b618450dcbbcc9aafa315ac0cbd7e55b1737f80dc7206dc7d299837cf90c1667a379e16fa2f02f3d6e54a9981ba3fd9db9ede0354f0e1c00dd0bd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa9ca6dfd93717c87415a9354b3c725c

SHA1
14a8ac6ac02fae49522f07a9a3f890056daa1c43

SHA256
ddcce6c4267b19b32a2278b6122e4d1ef0e2bceab3acdd407307f07a76c145af

SHA512
e867867f408743e0f2a88aa4359422fed6d800f8368f511fdba4fb67316af56381c09e2145e1fdec3ddff3173bc5e6bbe872aeab1e36982e3b8534f035ace2b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
343459b27135c15cf4d5efa98a028d3e

SHA1
fd22bbe168547a85668e35c2ac386629bfabae41

SHA256
814dd6e518d7ec7109d00546daa446bbe7da9453df92449e953a7ac4f667a563

SHA512
4dda1cfdbe4c629779c9076c872830b92ef8574ebda3fcd0d68fd864f1d65cb7f15fb70a401672038f2d1181dc7bcbb6f5ea1940756b397b0992d9923eae4bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dd382ef9ba534b6f68ac765cceb0ceb5

SHA1
4fa761df54dcec5913bb2b7e548367f19f5cd47b

SHA256
c680661d74b2bede76435422c008607ea521d62d430806f54e8d7a74005b8a78

SHA512
409d9940261d192b2a4d3afaa6f7f0c5c30866c488f99041c5abfe2f48fc209c56e4eeb2eeee95de02592cc284f16afa39b39a64842f77e553b900b0a59999d2

Download Submit