hxxp://temp[.]sh/muiBS/another_trash_malware[.]zip

Resubmissions

25/03/2025, 21:33

250325-1ebl1ssyhs 3

08/03/2025, 02:26

250308-cw6ayszzbv 9

08/03/2025, 00:06

250308-adswsszms3 3

07/03/2025, 23:14

250307-272vcayxd1 10

Analysis

max time kernel
10s
max time network
12s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://temp.sh/muiBS/another_trash_malware.zip

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874120085172462"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{F046D60E-AD07-4FB6-AA05-DFF22111AD72}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 5520	2708	msedge.exe	86
PID 2708 wrote to memory of 5520	2708	msedge.exe	86
PID 2708 wrote to memory of 2500	2708	msedge.exe	87
PID 2708 wrote to memory of 2500	2708	msedge.exe	87
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 1668	2708	msedge.exe	88
PID 2708 wrote to memory of 336	2708	msedge.exe	89
PID 2708 wrote to memory of 336	2708	msedge.exe	89
PID 2708 wrote to memory of 336	2708	msedge.exe	89
PID 2708 wrote to memory of 336	2708	msedge.exe	89
PID 2708 wrote to memory of 336	2708	msedge.exe	89
PID 2708 wrote to memory of 336	2708	msedge.exe	89
PID 2708 wrote to memory of 336	2708	msedge.exe	89
PID 2708 wrote to memory of 336	2708	msedge.exe	89
PID 2708 wrote to memory of 336	2708	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://temp.sh/muiBS/another_trash_malware.zip
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffecc0cf208,0x7ffecc0cf214,0x7ffecc0cf220
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,5640996761943927524,3262112994393229311,262144 --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2292,i,5640996761943927524,3262112994393229311,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2544,i,5640996761943927524,3262112994393229311,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3436,i,5640996761943927524,3262112994393229311,262144 --variations-seed-version --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3400,i,5640996761943927524,3262112994393229311,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4940,i,5640996761943927524,3262112994393229311,262144 --variations-seed-version --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4796,i,5640996761943927524,3262112994393229311,262144 --variations-seed-version --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4768,i,5640996761943927524,3262112994393229311,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5684,i,5640996761943927524,3262112994393229311,262144 --variations-seed-version --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5848,i,5640996761943927524,3262112994393229311,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5848,i,5640996761943927524,3262112994393229311,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7b0736a36bad51260e5db322736df2e9

SHA1
30af14ed09d3f769230d67f51e0adb955833673e

SHA256
0d2adfd06d505b9020c292d30597083d808bfd90ddc0fe173def5db96832a087

SHA512
caabdc6a8601b93f3c082e6506b3c9efe2242b90e92e86306dc0bd4857d33343ba395325fabb21f5db562d3e3932f52f77de547f379072d0154efd5f1b1cdeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
8c851bb2077bb98269b33d6cb496e1fa

SHA1
b9175ac1888160c84aac6be139bfbbec71433b8b

SHA256
3d2097217faa2c619d7e32cde7a7c6e6f4ab22958a758f0d4b3bb3dd0c304686

SHA512
ee8b07ce02407a3a6c5fc9b190dcd1a138646adaf461de7c7838e1ca44697aef7cf009b2192986b3e10dc7f99ac19316b9c8a3e35c2ebe78ca3aa83cb4123fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
6fbecd19926f58b0162780b1933bec95

SHA1
f9e0c272aea0e95140d47742ee7eb5f13e8d036b

SHA256
8eef97371a10d420679edebce7846bfde11a747cb58f0c6eb6fc1d0839076486

SHA512
b7b639a97753e956f2ebb03f7a1bc4d57f740782c43ebd7efca08d46646d43174993cf3a515630c126d375a87f23a3b238028476aef49149305dcaa390edc915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
3ba69001a287c479ea0c9edce7831546

SHA1
98f28a87001c5467df1b163624cf0158c3246666

SHA256
e34bd91bda6334dd37b0fa53ec45bd7db6546c2890a023979dce20aa6f780556

SHA512
70ba1e9e8281b969ae18ae105ff2c3390359b8e7bb6905918fb1d91b6e96d4550d6a2aefe594723139e861c584771a0faef143c4c111060246a74aab851af9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
6d56960c28764a3ebbba3ec2dfe37442

SHA1
01b6c15dc63a007a57f6e58c2d37eda1cdbfc207

SHA256
bc21fe146c9d9444031655998be4ca343a397e39c7704b9f840c98bc032aae34

SHA512
d7ee0dbeef0082e56879e3242179f61f957446c8863faff3784530bf6120e5dc9cdcd99ea02e8734210dbf7abc453e7c15baf86b3b3201225d8fc60f5fa42c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
14354bd35bf945ef40c5eef6c1b58722

SHA1
302283475b862e4527332a8cbe770ce480df9ff0

SHA256
5f5a827d65324bffb1239bcdbadb05fdcbc1af6cf7387e60a431a6cc2457c62a

SHA512
6b7bb24ee493b9d93d97fdf39a4cb69522ee2827ef87a0dfe8459862e51390e80cd332583d43ef7caa7968827e6d539dc68c2f1e442224df5bfcea878942f0e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
b5f9362873ae42018d54b478a3dbff1f

SHA1
fd8990c48f90bac9605d17498449d458c28634bf

SHA256
44df772cace3ab35d5307e8878b004cd36a452e48477b550d3ed8367aa975770

SHA512
26deea1456d096e3caed666bc807676246d9c242878631f236d9dd31a6e1ca1bb6b24e85db648919e2b564358f602777298d84889eb77e7ed7a57a497a5fc04c

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads