Analysis
- max time kernel: 140s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-02-2024 20:15
Static task: static1
Behavioral task: behavioral1
- Sample: ip-address-converter.html
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: ip-address-converter.html
- Resource: win10v2004-20231215-en
General
- Target: ip-address-converter.html
- Size: 5KB
- MD5: 9d488dcf700c10b0a429216e76a43ad4
- SHA1: 6608b2f3bb699100b8c932f6931055c30cf2fb92
- SHA256: f99fa5af8f7d69c3e92c8ee758ab5d62d646b4c62b1d301b961caf65b94829e3
- SHA512: c18ab85f2d18e56dbc76110be22683b33b0b3b0200d3d12510275994fa84602ab9b783b8ebc483359ab437c91aac494a859f473efe405a8e85acb1ed854757d8
- SSDEEP: 96:1j9jwIjYj5jDK/D5DMF+C86ZqXKHvpIkdNCrRB9PaQxJbHG8q0yTMQr+Cw:1j9jhjYj9K/Vo+nraHvFdNCrv9ieJm85
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description, ioc, process):
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Processes (pid, process):
  - 4316 msedge.exe (2 entries)
  - 3004 msedge.exe (2 entries)
  - 2484 identity_helper.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  Processes (pid, process): 3004 msedge.exe (all 6 entries)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  Processes (pid, process): 3004 msedge.exe (all 26 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid, process): 3004 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (source pid/process wrote to memory of target pid/process):
  - 3004 msedge.exe -> 1772 msedge.exe (2 entries)
  - 3004 msedge.exe -> 3960 msedge.exe (40 entries)
  - 3004 msedge.exe -> 4316 msedge.exe (2 entries)
  - 3004 msedge.exe -> 3676 msedge.exe (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3004)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ip-address-converter.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1772)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc82ae46f8,0x7ffc82ae4708,0x7ffc82ae4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4316)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,13208638693595486870,6260429850659372031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3960)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13208638693595486870,6260429850659372031,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3676)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,13208638693595486870,6260429850659372031,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13208638693595486870,6260429850659372031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4768)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13208638693595486870,6260429850659372031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13208638693595486870,6260429850659372031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2484)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13208638693595486870,6260429850659372031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4672)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13208638693595486870,6260429850659372031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13208638693595486870,6260429850659372031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 464)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13208638693595486870,6260429850659372031,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3548)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13208638693595486870,6260429850659372031,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 1148)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3164)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads