Overview

overview

1

Static

static

1

WXC8S5.html

windows10-2004-x64

1

Analysis

  • max time kernel
    95s
  • max time network
    88s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 21:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    WXC8S5.html

  • Size

    12KB

  • MD5

    9cfe95da53a8117829b4a618fc582ff5

  • SHA1

    76c384d7c540232863d8bcec7aad777e3883b668

  • SHA256

    fa5bf0bee39cc65a9df85b5232e36bced3c4936d45cfac3bf49334a029747b39

  • SHA512

    30c9b01157a2ce5027e57971cdd8c6a625b82085e5dd38721e903256ce6e1a74e22f93be008cc9696732a230725314e8359357e4b09832f54bc8a56586fbc34d

  • SSDEEP

    192:PNzkAToNnTo1gU23Fx59FCNNoAeIz62tmzJ9SGyAgqO:BTToNTo1gUyx5C1/mze2gJ

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\WXC8S5.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3748
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3748 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1888
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4144
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebc5f46f8,0x7ffebc5f4708,0x7ffebc5f4718
      2⤵
        PID:5032
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7991353135318956895,4997666009324038902,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        2⤵
          PID:4456
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,7991353135318956895,4997666009324038902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1616
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,7991353135318956895,4997666009324038902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
          2⤵
            PID:4464
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7991353135318956895,4997666009324038902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
            2⤵
              PID:2532
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7991353135318956895,4997666009324038902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
              2⤵
                PID:2900
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7991353135318956895,4997666009324038902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
                2⤵
                  PID:1736
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7991353135318956895,4997666009324038902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                  2⤵
                    PID:2096
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7991353135318956895,4997666009324038902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8
                    2⤵
                      PID:4320
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7991353135318956895,4997666009324038902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4352
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7991353135318956895,4997666009324038902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
                      2⤵
                        PID:776
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7991353135318956895,4997666009324038902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
                        2⤵
                          PID:4152
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7991353135318956895,4997666009324038902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
                          2⤵
                            PID:3204
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3216
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1368

                            Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                                    Filesize

                                    471B

                                    MD5

                                    164c747ec05b351867ac47fb8ac89dcb

                                    SHA1

                                    d814dbedc7356af4d274b907692c28baea48dba0

                                    SHA256

                                    e675e63c991701c36625eb6ef0d2e009c743f7a6843192f74bd10ac641503181

                                    SHA512

                                    895663660c26f74561154925fd7ef4c2ee7e8fe0ad25985f7ed51ceadb476d576450c8c57aa8e8ea350be398b491f0bb5fe54744d7d1e625e4ab97a93b375643

                                    Download Submit

                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                                    Filesize

                                    404B

                                    MD5

                                    062b6bf7142fa6f960f4b303fee58b7c

                                    SHA1

                                    6d6ec5b0c548127dc96a98e501e523f2dc8bd7d9

                                    SHA256

                                    fd7c6471e61ce440ad042d4b453ede07afcf2feda04c4b799b949e36919bb60b

                                    SHA512

                                    dbc58ffa58088a285e1edeb4628ee91e76b70301b82cd514bc8ce6973f1c11cbf9ac4707706b1db93a3012057eda606871ac6b8a395d3f63bdfa45482c6ab3f9

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    efc9c7501d0a6db520763baad1e05ce8

                                    SHA1

                                    60b5e190124b54ff7234bb2e36071d9c8db8545f

                                    SHA256

                                    7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

                                    SHA512

                                    bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    111B

                                    MD5

                                    285252a2f6327d41eab203dc2f402c67

                                    SHA1

                                    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                    SHA256

                                    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                    SHA512

                                    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    f18bc5a8868b4a5ea7e283321c85af65

                                    SHA1

                                    17f6ea9611efb6ac2f2bc6d9f887d219f89d841e

                                    SHA256

                                    4006392626b227cc8f054957955a53ee9c16ec87089c83891fc4d19d8234295a

                                    SHA512

                                    c7ac32f430aa71a7070110622a41003b903f584f3c7af6af6c8f9f6036ba34a37732b67655480cf59e45352913e22f5be14839355a8dcc3ca8561cbc6e400308

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    494688ce40dbc377b034668ca701fc9c

                                    SHA1

                                    2283dce15052f52e9b190c48c9716acc516a20f4

                                    SHA256

                                    321dcb0519e2f3d8bb6281836ec4b727b35d20aa7e428f29f54579789a2d211d

                                    SHA512

                                    be9db010448ba798fcbbf64dab00cbee1a2f12dbcce78388a478726489da6a76027f9d3916a8eeb2d7ea094586d7d2aac246d457b5b00b9f3f1f2b71e72a33ba

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                    Filesize

                                    24KB

                                    MD5

                                    121510c1483c9de9fdb590c20526ec0a

                                    SHA1

                                    96443a812fe4d3c522cfdbc9c95155e11939f4e2

                                    SHA256

                                    cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

                                    SHA512

                                    b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    10KB

                                    MD5

                                    b43224f0139b8427062c0335503e35b7

                                    SHA1

                                    9a141b8eab1fc91ef92c11868335fbbd5d6cb33b

                                    SHA256

                                    d40cadf9575e9474288a21d1a792a33edd8cb267264668f4095d6870741a9c55

                                    SHA512

                                    b9efef1e207f8cbf66f5c95f17a0a2cf0729668f9e6562077b4625ef731bf48d0801ccc207eb0b4a766ce96f1bf25fa7cbbb4217fd4929bf9f90de75eae215ba

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L3T8W3B4\suggestions[1].en-US
                                    Filesize

                                    17KB

                                    MD5

                                    5a34cb996293fde2cb7a4ac89587393a

                                    SHA1

                                    3c96c993500690d1a77873cd62bc639b3a10653f

                                    SHA256

                                    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                                    SHA512

                                    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                                    Download Submit