Overview

overview

3

Static

static

1

URLScan

urlscan

1

https://bbc.com/news

windows10-ltsc 2021-x64

3

Analysis

  • max time kernel
    6s
  • max time network
    7s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250113-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    20-01-2025 09:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://bbc.com/news

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://bbc.com/news
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:324
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffec4fa46f8,0x7ffec4fa4708,0x7ffec4fa4718
      2⤵
        PID:1164
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1947987323105020308,3000425679018126355,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
        2⤵
          PID:4324
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,1947987323105020308,3000425679018126355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2484
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,1947987323105020308,3000425679018126355,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
          2⤵
            PID:4412
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1947987323105020308,3000425679018126355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
            2⤵
              PID:5092
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1947987323105020308,3000425679018126355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
              2⤵
                PID:3840
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:5056
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:1076

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  78789c91e16d10f550331b6172ea4751

                  SHA1

                  aee25d6d200d75e8a0f753f888d19545278999c6

                  SHA256

                  b91a0fcd45635ad28ba63d3c214d22a8c58f33965a8fff5aa72bff0bbe65fb24

                  SHA512

                  ba1c51d05f1165e2044b94edf8520af3c20bde4eac62b730714da8a484ca691fddaa2f436debf78f60c4e60aab2f4cb2ced8448531b3bf2731d206af4863f815

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  20ce33649b0aa2e62230849d9203743c

                  SHA1

                  0a13c95b6bfec75d3dd58a57bdb07eb44d8d6561

                  SHA256

                  482bd738c304fb1f7fafcf92f313f1faccf57164c944c38ae8d6d4727164d72c

                  SHA512

                  332cf2a0a7fe494643b00ca829d0f49e9f0835f158dbc37ada16564a55eb60ccb1cee20e91f1caffa0a0229b85e43da41f508a356c36d9109cd8c3beae2a5620

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                  Filesize

                  70KB

                  MD5

                  e5e3377341056643b0494b6842c0b544

                  SHA1

                  d53fd8e256ec9d5cef8ef5387872e544a2df9108

                  SHA256

                  e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                  SHA512

                  83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  5KB

                  MD5

                  4e4045205bd0a2e89661f96717a99241

                  SHA1

                  968f4cce90612c7ff1c9994db654e18b3f2c5528

                  SHA256

                  527003233593922821e4a996f26dcadd3605a78f8a1fa38c7dbe8c29c8e3a2a3

                  SHA512

                  fa71865e294aeb126429c87a52f43c425c3335680dc5f9613d9901e4de12711728e57637c9c796c1007c8c88cd4a8c861ea7724caab37e06078c40d224cdfb49

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                  Filesize

                  24KB

                  MD5

                  185080eb3d5b0a66db58e0095f8c331f

                  SHA1

                  bff8dcc035b163b0c9ec6e4407733b86affef965

                  SHA256

                  113641bc7ae03411b69562ecb967139fd6193ce3f49251ec79449317ace9d331

                  SHA512

                  75ff3e926bb1a6bcbb6cca5b735511a0e3d203e7fb90416c3cdb0b03aafc9db16ce824e0f018ecf721166f589ff8d5fad6cfcb9287418716d50256348572a790

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
                  Filesize

                  41B

                  MD5

                  5af87dfd673ba2115e2fcf5cfdb727ab

                  SHA1

                  d5b5bbf396dc291274584ef71f444f420b6056f1

                  SHA256

                  f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                  SHA512

                  de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                  Filesize

                  16B

                  MD5

                  46295cac801e5d4857d09837238a6394

                  SHA1

                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                  SHA256

                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                  SHA512

                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                  Download Submit