hxxps://example[.]com

Resubmissions

28-01-2025 13:27

250128-qp9axssqck 3

28-01-2025 13:08

28-01-2025 12:54

28-01-2025 12:51

27-01-2025 18:45

23-01-2025 19:23

12-03-2024 13:45

12-03-2024 13:33

Analysis

max time kernel
840s
max time network
846s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
28-01-2025 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://example.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2824	msedge.exe
2824	msedge.exe
4204	msedge.exe
4204	msedge.exe
4588	msedge.exe
4588	msedge.exe
872	identity_helper.exe
872	identity_helper.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4204 wrote to memory of 3040	4204	msedge.exe	78
PID 4204 wrote to memory of 3040	4204	msedge.exe	78
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 1512	4204	msedge.exe	79
PID 4204 wrote to memory of 2824	4204	msedge.exe	80
PID 4204 wrote to memory of 2824	4204	msedge.exe	80
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81
PID 4204 wrote to memory of 4776	4204	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://example.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xc8,0x10c,0x7ffa41d63cb8,0x7ffa41d63cc8,0x7ffa41d63cd8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4944749314965273824,8349479322369835890,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,4944749314965273824,8349479322369835890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,4944749314965273824,8349479322369835890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4944749314965273824,8349479322369835890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4944749314965273824,8349479322369835890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4944749314965273824,8349479322369835890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4944749314965273824,8349479322369835890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4944749314965273824,8349479322369835890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4944749314965273824,8349479322369835890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,4944749314965273824,8349479322369835890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,4944749314965273824,8349479322369835890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4944749314965273824,8349479322369835890,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4232 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
491B

MD5
7d6cbab5eead87a2d8f0c4d3add736a2

SHA1
b49ea77c4b15ea87d2ab550ee5657a7cf1d61d40

SHA256
8077387574b17b0642516f64a6689b1b97cdd4e6cf12bfa6c8352b1102423c9f

SHA512
71366b386a2153e3e9d75a44ecba66373994095f06744fa30f33fee063384d8413c9e7faa6cab9cc1922771f9e04c56513fb749033dabd2fe6c272aad61adf04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cdafb8451a1bb27cd677d24cb1af872b

SHA1
a016ab032ee36ebb31562482e62c16881de2f13f

SHA256
dbf9915ff25cf073e510d3a4891edcb5686619cbd170fa5d779671b35cb50f95

SHA512
1d54241dc37a9ec5884d1d1264b647b3fa431a162c9ae5336e6ab16ca973cb742801eb019e1d22c7f7aef5a28c50f02754fcabedef37fab122396e307e1e8559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f51290051fa2ff731cbb49a0e078cd9

SHA1
d7da65806087197d4895d86c9e88e911be923e14

SHA256
839e9d19a8caa0db3296ba62d430f1187005977d281d73455f7b552a6e223af5

SHA512
dc7b3c9748479d3c7f22108f12e08803d0ac84aeb1e37f5a967d79dea7c85d1180da0ccf199973aec2d6309ec9ef91e7668ad7cd1761d55e41bde957761ce4ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
03be5a163e44976134d8150723ddeded

SHA1
620c425accbbb186bd100cbd4194bcebd28d6c2b

SHA256
785e21f0a21027eadaa572e7fec10bcf7727bcf903143ea422f261e1f49ff7ab

SHA512
49d87586531bbbe6835ecca09657025f904729ec114ae26391cff16d9f6bbb40904c8bda56713d5579edfa307512f16d04593d91487760c1326f34627588228e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5646b2bb4169defe938f259a1e7d0ed7

SHA1
a85121fc131dbdaa74169ef213ecacd663e20528

SHA256
6b493d3e301ea3c06e5f28f453ce13e85340fcabbf873cf10922b5689e986123

SHA512
8334ea23ffaa9711baba58f089fe8c3e2d1b7220be09b8340cc554dd12b14e227e8d98b3e327feb2b3527bce7fdaace18460e9df90898fc8f2d740756a56d2ca

Download Submit