hxxps://en[.]softonic[.]com/

Analysis

max time kernel
145s
max time network
139s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
23-01-2025 09:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://en.softonic.com/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3792	msedge.exe
3792	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
4952	identity_helper.exe
4952	identity_helper.exe
1224	msedge.exe
1224	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 4588	2376	msedge.exe	77
PID 2376 wrote to memory of 4588	2376	msedge.exe	77
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 2692	2376	msedge.exe	78
PID 2376 wrote to memory of 3792	2376	msedge.exe	79
PID 2376 wrote to memory of 3792	2376	msedge.exe	79
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80
PID 2376 wrote to memory of 3752	2376	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://en.softonic.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe87503cb8,0x7ffe87503cc8,0x7ffe87503cd8
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,8079207766022721935,11740189008564150734,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,8079207766022721935,11740189008564150734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,8079207766022721935,11740189008564150734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8079207766022721935,11740189008564150734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8079207766022721935,11740189008564150734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8079207766022721935,11740189008564150734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8079207766022721935,11740189008564150734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8079207766022721935,11740189008564150734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,8079207766022721935,11740189008564150734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8079207766022721935,11740189008564150734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8079207766022721935,11740189008564150734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,8079207766022721935,11740189008564150734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,8079207766022721935,11740189008564150734,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
8faa6e4af66b62f278d5629d1af144f2

SHA1
35bbf1c27e875f08115d0339c7e8e295d3ed713d

SHA256
f789eaf6585d1d26af42610ffe1c7c7e0d9f91fd4617e4fe04924c96f6d1062d

SHA512
5c143e9983310821d7fe224b85252395c041ca25e61ee4afb4bb6fe8b0817dd71e60c5074a3858419fdd83a3c93ceda03492e0719c2fc953fbfe9292ba87ea35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d685106bdc435acde62157677647ddb3

SHA1
61b32bc9cb93381ac309c9e876f8dcde2e9eac25

SHA256
15e5c45e6d5b73a89475a95621ba965dc7a9c80f938a2ff3e6c66b7b1c8b911e

SHA512
3faa27a7de5461bdbb136a52595c8688b11281936e45d2c377904027623f1620a636a1401ae6f7e7066620a8de7b3e0ea99284f5c84c60a9211683517b4c0f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a1e31bbee48f46039fa713423923cc4c

SHA1
317e1572a25d84b0e1758d93b68de802904bcf9f

SHA256
cff773a18068587b6ed276076d48a6a94be380d06735e693dd86aff45f56753a

SHA512
47be50613e279c164687ad469229cb9dcfeb1f8693147a87a3a7ebfad47d558e829342162986997bb0dd86e34fd2a2a1843fe8fdb8f65c97185a1416d1a8b37c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f51bf783e7e1777e5af93c78f3740b4f

SHA1
f56f3c04f164c42ba82ad6d699bb5fd25b7c4e0f

SHA256
17c19696b47de85869e4a494e742f19ca1a7be2f408b4a6e8dcb045007e567c5

SHA512
51282f1b78e1b4b1efa0a89710ceb285d8b7addab91b1002448e5907b455668e6f2588fc182d16596bce275847e6d651d3485d09f9c6284abcf44d5fc782f835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a0b418c2af711b6701312a036e1ef3af

SHA1
571d8e612de6ba874460f67eb29db8d294e0053e

SHA256
71a676f266126a80981b9f2de17225b3c2b13ca177f46792edc33a3e52d3f27c

SHA512
e06cf8df139bbc1694ce20c857e1ce7ede910cc3708f78443cd8dce8540172cbb2c3c237e8027a0c088cb2d9e435cb90da388cab6a3ed5e6957e8906d0f94f32

Download Submit