Analysis
-
max time kernel
58s -
max time network
55s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
26/03/2025, 18:54
General
-
Target
http://www.google.com
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of FindShellTrayWindow 35 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://www.google.com1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x258,0x7fff8ce3f208,0x7fff8ce3f214,0x7fff8ce3f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1928,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2300,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2416,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=2424 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3516,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3508,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=3640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4276,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=4296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4516,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5136,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5148,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5892,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5892,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=6168,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3468,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3532,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=4612 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4556,i,10253573648289264551,12848808288611716672,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD50db1d88802048ff847bfcf47035335bd
SHA1bb54059e5b145da464f6521ae67353889ce00771
SHA256416525d2bfeaeab0950175c0eab55ad35e84518ef5299f10565023800788cf9a
SHA51232c5b42febdb38c3a30eb5179b8aa20a5e731b0e83aab16ec73d27b4108bfc89eb6316f71a988388cb5df19267ba823f6d0220fab5584667ba0adb0da1152a30
-
Filesize
280B
MD58734b4a181214bb62f91cfa36c7e2c98
SHA19cff323f10778a23d73ac3dcffc038d3bf661b78
SHA256e06afe980fa56c8dad3e7c6b8d0d8f1e7eb9a4860ac715e966026fb7631c3ba5
SHA512e8648a54da9aa24b6cba1f0377a0ce33979ea097554bb6347f252cad894ad4134e1fe839abc80eb48e2510061d5c6937e80374d32f95afd4cc8567b57694ac36
-
Filesize
30KB
MD57c734411025a7567ac0aa9541179582d
SHA14e39c54dbb74ead5cbef289781555f78909f9c18
SHA2567d4f457233ed9a9b7d60e5447fa835889440387642af74f2b13c3a63e6abf532
SHA51219a99c21ee863351819cf6042384ab43d430a32036d29a2aa8b23b6bb6e75bb120b4bcd61ed6f0076bc77376fa31ddba3f542824251c6807e444bf95d61578bd
-
Filesize
3KB
MD54187dd7565776db8ce54ace3e8b5ea92
SHA1f390fb2e28e2ae5265601ac495f9893984e83a1a
SHA25662893c46db9ef2dfbf0b39a47ce41056cb6d1a461aa050ae0e25528dc52301cb
SHA512464560226e6fe9363200b46aad3a5c28e941a80a2cc7af89f09b8511b3c7aa4f2f22469415836b2a1f579e3e087390d09b46e0c1bb1287cbadf6c8eadb6051a7
-
Filesize
3KB
MD56b1de5c1dcbe034a001f17f4611adf27
SHA1caada821df862a998aa3ab577a7c9061859b64a1
SHA2564450ffacd999aad81267c3f188e4054da15dcf78aa39658cacf05e71fc0e367e
SHA5126fe4b9877f375ecabda10ab8a82ea24cc8266d786c87f1512d02d9b813f4d51456d60de55f5055c55a40f7d57f3ca18854a073ca5267fdbaf41da2740f3b1129
-
Filesize
264KB
MD5cdce1851f82dbcd0931fcc10060a8656
SHA14b2a51ac26dec233ea900ec45897d8936366f7b7
SHA256576f350b8abece4b1eead9033f06cb061acd006b0117e97d9cc76406015ea5a3
SHA51254282507cb2a102bec66ad13c2f2627cd643f23730b86467c573a759e0cb084ace68e719aa451337f66ef8f0e9a4bfee5ef43e695e95c208ee33e5f53f3e87a6
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
11KB
MD5122de4ec601978415e10b8b28eca2956
SHA1cfa67d09c35d494fe88bcdf30224880462154d45
SHA256296f0a7ad4584ffdbce69ebdf727adad9997453bd0168df6757a26a32ed39da6
SHA51257972e75cf28229c7a4fd55cf94551b42cc821a84e02171e5f3e3de8cf5cec06692cf71ca888f95f782f8c75a90f08891f7f2d80179057b18e873c646065cc53
-
Filesize
12KB
MD58db10ebbd8d89eefad3095d84d64f3da
SHA1dddf001a150c04d57c54860e9772953a1ae78a9e
SHA256d06d386ea1fa8fd88caf67a8cde53981d8e844da5eba53d6302326f29e1daa09
SHA51237aa9ed625f7c5074fb3eeddbf218e4ac748c3a3a920a596b46b676bc791fc5f6311928d88292d8d78759ab195d3fbeaab27f8861800f0ee72e3cce3d8f1f23c
-
Filesize
12KB
MD5dae6ef70f48d99fc897e58dd27d4a95f
SHA1ad13f74d38ba2cbbbda69f482fb64f7046003220
SHA256ce4e067f6dea619a5e983893eb978149f0c5e9591c04b613d8550e60153d905b
SHA512a323c551f0185c61590849c7804ce0c48e0bd0776697e17ec65f87f7e0a4be5809ccb14f1349c4b7fc8cab357aa923a11332a700696c61ddf703cd98a52f5364
-
Filesize
11KB
MD512688c02db6409b027d1ea01c0bf3ae4
SHA112039431efb4e978f730f85ac8cf3234c726092f
SHA256ee490b3df2f152cb365cd3d7a3d4416c207b152b1980aec0ea7bd66ebda39725
SHA51254d8e3dc4682e394871c657402802956bb85e7a8484d49d9e29973fc4e6bfd4d4dc4fbdbe3ef8bf1bb0437b79c7b3b0337ca760e51a2eb6117fc0a6c3615f53c
-
Filesize
4KB
MD5e43dc184ba76f86e3d013ea4766b701a
SHA1f20d49ffc39ade4b5736af6f759e085c911ccde1
SHA2563a4be8dc6509cebd3de420e90fa9990bba4b44dd9385837cbf16840ce035e7fa
SHA5124c30b39304f9f8f46cf9f1ea18b4b2e357f731a05f124f9a964fb815fe44a439fa5837c2efe1a4640444b4f32c58c8a9ff82c4c0d5b695daf945dddd04dda401
-
Filesize
10KB
MD5ae45db6164dffedf8338a25944f0ef57
SHA1564447c1665dc8b98977396a582ad1243423b650
SHA256f679d7fe04f2d92e1d3e8ccf2e971a537d3945864a3e90e6220e33adc2ef2a74
SHA51202eafe83ae1b4b71c3cc5a86d451f4b8e0ac5ef9b91f870d76b7162a6fb7e7243da695cc11d3221a3a2933a775fbccb11f00b532bb0a70d81f6b1c40c6104b4d
-
Filesize
16KB
MD52ac869baef930580a293a6eab7f5700d
SHA1a75859833022c125a914314fda1b238478f70116
SHA256148c46d5de479961dcc4202442672b5cc4df7d682b527d67d4372da6e1f1fba0
SHA512bf8970a81c77244cc1afb9665a3273a153499b288da91d0ee4a2e77d8a8015304a0fc6762cb6e62593d8fe9ade16cf9caf922904f57c6e97ab19558342d74fa7
-
Filesize
10KB
MD56ee7382b1faf44916efa27c40dd0d3a4
SHA184e555a26f2fb5da080e993330194e647f8baef3
SHA256207a9a18eb081fd4d7d3a6cf160663a3f4d8a087707ef349b794627f46a18c14
SHA5125f4db76c6ba11c790267e166677e28912718196029d9f1071595dcba136563be1f14c9fe6ec1d83d5d9662c0d0e140ad8e88b15af0dd5fd940cff7dfd5063435
-
Filesize
6KB
MD5d024e46a538d3213fb18130c0c5d0513
SHA1ee7b65594a3b3549471f1785c0ddfbd70278372c
SHA256688514632357f5f6365184194d0fb3bc3400340b34e7774e91d428bc06c7e522
SHA512e7da9251bf858a9ebb1a9a4f40e1039dc97af22a461946d92effb73490ec4f99333f442a43be14fd3f803eb688270d5e1706741fac23424624db1fb820727b2c
-
Filesize
7KB
MD5e47ccea0f8bd8049d4b3bed09a02d905
SHA1db10450c6bcfcb7f9df80b32b84f85d1e11bd320
SHA256ff476ca542e4151966c514d28d8b1d77256b07cae9887f916be8445bd86d2151
SHA512e4a37839d067e3c7b06a2b92abbbcb0ddd2414336847103660bc25873eb0e7ddafa8cd26e0439d2f47fc2688116389198a5c5dab6860dbe05d3f479c8c474be3
-
Filesize
2KB
MD5e42340946b81650ab61847bbfb3b88e2
SHA10b1add31fe9aa2254523b6cef89292476204036e
SHA2561941ab9edb3b4b77309caa2198465fe28a0f9b83fadea862b7343cf056308d91
SHA512ece90607f55270a5a8f741a8e0c3914b073ce05623639a4038b9709df946ca8615655530ee27c4546de610933e7b69a5723fa598cdb96e571555bdb2333b4436