Analysis
- max time kernel: 71s
- max time network: 74s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-02-2024 18:36
- Static task: static1
- Behavioral task: behavioral1 (Sample: sample.html; Resource: win7-20231215-en)
- Behavioral task: behavioral2 (Sample: sample.html; Resource: win10v2004-20231215-en)
General
- Target: sample.html
- Size: 217B
- MD5: 659a1be6801d8e0715a737f4d5d511b8
- SHA1: 122240b49ef21946c332ae52b4a25c999d3b18cb
- SHA256: b1f8e1d15ce220ad29a172a072d804da5cb579a3672dcdb541f79d2f34d10451
- SHA512: c605894c76caf560edcabbb9bcbbf73d23958593fde3fb0a573716c6d65cfcf8e6918bce8abefe30a0862f8045eb3e6f247a7a2e1ef7119c978bd1a7099099e6
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description, ioc, process):
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Processes (pid, process):
  - 2392 msedge.exe
  - 2392 msedge.exe
  - 392 msedge.exe
  - 392 msedge.exe
  - 2328 identity_helper.exe
  - 2328 identity_helper.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  Processes (pid, process): 392 msedge.exe (listed 10 times)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (pid, process): 392 msedge.exe (listed 25 times)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid, process): 392 msedge.exe (listed 24 times)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description, pid, process, target process): PID 392 msedge.exe wrote to memory of target PIDs 1568, 2376, 2392 and 1656 (all msedge.exe); the 64 entries are repetitions of these four source/target pairs.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:392)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1568)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5e6946f8,0x7ffa5e694708,0x7ffa5e694718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2392)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2376)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1656)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4908)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1816)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:5084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3268)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:5036)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID:2940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID:2328)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3532)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3732)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2980)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:4512)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:5024)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2420604475674575354,12687970366863001754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID:4512)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID:4608)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads