Analysis

max time kernel: 145s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/01/2025, 20:33
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://lx6lh6cbb.cc.rs6.net/tn.jsp?f=001fNAWoMcBv1B6UmvhYnqPSKMUPOQysCU6GkV13Fw7P0f3OJT7D73RLzelJy1iwZDyNZ0XS-5bUNuTJOCsRBCkEdkcUNJBS0DpVKmQxoeJVfXWEGJr1trXo8Ld9ZSeG-VO8trGW1mWR3302rVphBeERCC6mpXR5gQJfxzNJZ56leKYVV5s3FR6t_mztDocGgtYYvpYGGMHyg0NbmmaWbaFkN6G_u-taRp1VPZI_PsEiOw=&c=DW-1wSKv-4ePHLIJPWHOPgxg5jFKsWZO3NmDyCRzLK1Yi-gTq7eUjQ==&ch=zO1s7y053qeCRPyzs_btZ7ci2KzHjIktMieX2xu7aRGOLWN9pTD51g==
Resource: win10v2004-20241007-en

General

Target: https://lx6lh6cbb.cc.rs6.net/tn.jsp?f=001fNAWoMcBv1B6UmvhYnqPSKMUPOQysCU6GkV13Fw7P0f3OJT7D73RLzelJy1iwZDyNZ0XS-5bUNuTJOCsRBCkEdkcUNJBS0DpVKmQxoeJVfXWEGJr1trXo8Ld9ZSeG-VO8trGW1mWR3302rVphBeERCC6mpXR5gQJfxzNJZ56leKYVV5s3FR6t_mztDocGgtYYvpYGGMHyg0NbmmaWbaFkN6G_u-taRp1VPZI_PsEiOw=&c=DW-1wSKv-4ePHLIJPWHOPgxg5jFKsWZO3NmDyCRzLK1Yi-gTq7eUjQ==&ch=zO1s7y053qeCRPyzs_btZ7ci2KzHjIktMieX2xu7aRGOLWN9pTD51g==

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)

description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)

pid | Process
1060 | msedge.exe (2 entries)
2740 | msedge.exe (2 entries)
4372 | identity_helper.exe (2 entries)
792 | msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)

pid | Process
2740 | msedge.exe (7 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)

pid | Process
2740 | msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)

pid | Process
2740 | msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)

description | pid | Process | procid_target
PID 2740 wrote to memory of 3616 | 2740 | msedge.exe | 84 (2 entries)
PID 2740 wrote to memory of 4856 | 2740 | msedge.exe | 85 (remaining 40 of the 64 entries)
PID 2740 wrote to memory of 1060 | 2740 | msedge.exe | 86 (2 entries)
PID 2740 wrote to memory of 4464 | 2740 | msedge.exe | 87 (20 entries)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2740)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://lx6lh6cbb.cc.rs6.net/tn.jsp?f=001fNAWoMcBv1B6UmvhYnqPSKMUPOQysCU6GkV13Fw7P0f3OJT7D73RLzelJy1iwZDyNZ0XS-5bUNuTJOCsRBCkEdkcUNJBS0DpVKmQxoeJVfXWEGJr1trXo8Ld9ZSeG-VO8trGW1mWR3302rVphBeERCC6mpXR5gQJfxzNJZ56leKYVV5s3FR6t_mztDocGgtYYvpYGGMHyg0NbmmaWbaFkN6G_u-taRp1VPZI_PsEiOw=&c=DW-1wSKv-4ePHLIJPWHOPgxg5jFKsWZO3NmDyCRzLK1Yi-gTq7eUjQ==&ch=zO1s7y053qeCRPyzs_btZ7ci2KzHjIktMieX2xu7aRGOLWN9pTD51g==
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3616)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc375a46f8,0x7ffc375a4708,0x7ffc375a4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4856)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13963953759253652009,17845827466232013637,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1060)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13963953759253652009,17845827466232013637,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4464)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13963953759253652009,17845827466232013637,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2480)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13963953759253652009,17845827466232013637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1460)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13963953759253652009,17845827466232013637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3300)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13963953759253652009,17845827466232013637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID: 996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13963953759253652009,17845827466232013637,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID: 4372)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13963953759253652009,17845827466232013637,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4508)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13963953759253652009,17845827466232013637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2016)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13963953759253652009,17845827466232013637,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1712)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13963953759253652009,17845827466232013637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4512)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13963953759253652009,17845827466232013637,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 792)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13963953759253652009,17845827466232013637,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4000 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID: 1660)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID: 3876)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: d7cb450b1315c63b1d5d89d98ba22da5
SHA1: 694005cd9e1a4c54e0b83d0598a8a0c089df1556
SHA256: 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
SHA512: df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Filesize: 152B
MD5: 37f660dd4b6ddf23bc37f5c823d1c33a
SHA1: 1c35538aa307a3e09d15519df6ace99674ae428b
SHA256: 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
SHA512: 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 2ca132af882669015a3e0decebb762f7
SHA1: ce88287a10f197cea9001dbe50a9e91962eec24e
SHA256: 3b4a6691654ae25fdbc26ef91da375fb28ac58c786f19e67e6f4aa37c9f6f367
SHA512: 21f45c7244cea79dfe4091f58282d771188db158f3d145389f723608e79e61fbd3677b526a541b9b22aae508b068457570b7837d385f7082dc0d6bdebdd10461

Filesize: 5KB
MD5: 9d1afe38a086779006d4b94b1222a155
SHA1: 1e5f5408d9127a03ff5ca3470da9ad6feccdde84
SHA256: ccd1b41951be4a742d736c91967e6fabea03b13554bf3b48c1b3a30169fd82ea
SHA512: 5004ba29a4c2a2c15f30a0c79b9dc25afd0e37af5e9491bae77cea948c11f558a330245a4775a166c369c435cf72101a039758636c3e624a4140ca3865547ac3

Filesize: 6KB
MD5: b77fc0eb3da535355f4f2a6e8453fae1
SHA1: 0a9e114509b34ec1c561d7d54d856bf1a0f5725e
SHA256: 2e11dbc137823c2097dfca610a830e5810b4560d35cdd7d949348777c9d7d062
SHA512: db1fa1f6da576862a4f5720aec55ae7023031c18985b927b0a55c6aaa5c6209ff83cb7d4b9434ef2fca7aace06b9aeff3bf6ff7204bcfb96c4efdfad0cd98aea

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ebeaeab5-f1e7-4c65-8b38-201f82b676d3.tmp
Filesize: 1KB
MD5: ae27f15e2b20b69eb58398c8c4b26511
SHA1: 473d3e6780f25d7e8ac51387aaccc9ebd4dd0307
SHA256: 9b6671c4444cd4dba5f298ede68c72aa129c505eb8f76b19c4780d5da695f4ee
SHA512: a32dfb1ec1d7a329ef36ba6a3edbf2619f69542c86392763968ced1fbcc8ea4bd686b8823c74c4deac7bb6b2c63afb33ae7ff7e754bee29481821479c6abd3fe

Filesize: 10KB
MD5: f3b7b798e62901f662e26cd6b94807df
SHA1: 8990db4eff1daed9e573cf73dff8d48e542b53ea
SHA256: ec268739db4159958d0ee9281f7cb898ef0028bfb40f5b91b7f30e7f7ccd9dbe
SHA512: 49ff175ffb4b0f9a9480088dbf05d3a6b8ad428688fb9e8e947176284a19d3aef21a3cc70be512b8b5e454af269ee7ec28a39f96f1ebe26f43b041f92a130382