Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://is.gd/wceXcv

windows10-2004-x64

3

Analysis

  • max time kernel
    38s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-01-2025 17:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://is.gd/wceXcv

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/wceXcv
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4244
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90bc646f8,0x7ff90bc64708,0x7ff90bc64718
      2⤵
        PID:4840
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,8449576029161732139,10329662952267346197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
        2⤵
          PID:3876
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,8449576029161732139,10329662952267346197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1984
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,8449576029161732139,10329662952267346197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
          2⤵
            PID:4496
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8449576029161732139,10329662952267346197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
            2⤵
              PID:4104
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8449576029161732139,10329662952267346197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
              2⤵
                PID:1868
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8449576029161732139,10329662952267346197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
                2⤵
                  PID:4084
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,8449576029161732139,10329662952267346197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
                  2⤵
                    PID:1172
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,8449576029161732139,10329662952267346197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4428
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8449576029161732139,10329662952267346197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                    2⤵
                      PID:4448
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,8449576029161732139,10329662952267346197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
                      2⤵
                        PID:4400
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:4776
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1588

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize

                          152B

                          MD5

                          d7cb450b1315c63b1d5d89d98ba22da5

                          SHA1

                          694005cd9e1a4c54e0b83d0598a8a0c089df1556

                          SHA256

                          38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

                          SHA512

                          df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize

                          152B

                          MD5

                          37f660dd4b6ddf23bc37f5c823d1c33a

                          SHA1

                          1c35538aa307a3e09d15519df6ace99674ae428b

                          SHA256

                          4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

                          SHA512

                          807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                          Filesize

                          528B

                          MD5

                          0a47442aa0100a42fcdd70b28db6d598

                          SHA1

                          7bac9c56c1c53c8d675544a3f5deaa7051ff2a3f

                          SHA256

                          bd42dedea32e7f7c73077baabfa2676ff2a6403f9c1179e494301210169a871e

                          SHA512

                          5d1b295f0decb128a24a20dff4e8c7ab5fc1e9d58cea5af4b211dbec6cb8cad93f83a1d47646a11dc483b035e4aac07705d85f672f3d6ff91634fe57a80b5917

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                          Filesize

                          111B

                          MD5

                          285252a2f6327d41eab203dc2f402c67

                          SHA1

                          acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                          SHA256

                          5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                          SHA512

                          11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          6KB

                          MD5

                          2c37d0dc054175bf029ca1f288799352

                          SHA1

                          62e12f031da787c38a8cd2c100bd2a567b9ceafa

                          SHA256

                          9d3d2bc7160a4cf4d67e5aa90eda5e6ca3237dba9d8a44eb5c174743d2175c26

                          SHA512

                          89deba3a21aeba7ff6be4cb432dbbb56cb33ce9997a25f13c3788761e365f4417f61e70d2a1b8276bb331c2c5939611c644d49ac386dfa78b76a993f0dcb5c29

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          5KB

                          MD5

                          2b6bad285131bac8a0f39e43c6703821

                          SHA1

                          6a31efd3bf4fa8e01662bfccb48160bded990ff3

                          SHA256

                          836ae0080c55f15b6d210047f5e2cb6dca53fd41d86816594dceac8e43ae03b3

                          SHA512

                          70c2de70641a6293edfaed728216d379b437cb4a5599680119f74b3b9c4c3337c6446f1b15edb4e30432be40a1eb1be4836b8f338c3265a513d5a6f74ca77805

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                          Filesize

                          1KB

                          MD5

                          1c6ba90db1c665223bbb6fc4b1d4cc75

                          SHA1

                          f52e4b08d83671e53c62d525a9f44c2a84b6cc1c

                          SHA256

                          1acea297cfb76f5db9079ae802b6ad04ea3b5227dc297ad908a92607dae00241

                          SHA512

                          2f8c393a317e37d1c4f835d1641306b5d1d98231e323782a77911351b94974049c48ab05f4044f08776d01d0816efff057c0adbbdf3b6a781c7ef04583bce15c

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cc1a.TMP
                          Filesize

                          1KB

                          MD5

                          c588b7be48fb96673baae2bb17cb7d7d

                          SHA1

                          a3b07c4f81accc3b6b88e860a40ef7b86df2627f

                          SHA256

                          14ae68ea7762e3ed249380707b44e65ba2209e71e12450127bdc72008b271c95

                          SHA512

                          53c115cad307de766932b62e7ea1776680d2a63a72b8405643f6fb2325de9c602abf547b7d285f73ef289602bd6e95102cc5f4c355f582703f2bc22321735310

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                          Filesize

                          16B

                          MD5

                          6752a1d65b201c13b62ea44016eb221f

                          SHA1

                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                          SHA256

                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                          SHA512

                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                          Filesize

                          10KB

                          MD5

                          9cee3eb1ff5196a27374260f0548a418

                          SHA1

                          c87a90818b4ea84ec6d43c95794ea008d742303f

                          SHA256

                          4272cc55d752f39e04c668a40868866c04b32c6b0301e53123e5d7a7ec527581

                          SHA512

                          5c96d86b507ce3ac4a206c63b301e68af9540f14a1353e1268dbb36f8ad317f8b294209c29cf1fa6255d91d86862ef2b66a1e52a374a5d0b77076a7b52594326

                          Download Submit