32cf2caad5a66b308c287f3ab1ae1dc5ec612425064f940bea11364db063eaaa

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 21:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9a032b104d489afb8e483ba1ac9b4ffb.html
Size

197KB
MD5

9a032b104d489afb8e483ba1ac9b4ffb
SHA1

8446f2287eaf7d1a96891e1f15ab4b7a42bd02fa
SHA256

32cf2caad5a66b308c287f3ab1ae1dc5ec612425064f940bea11364db063eaaa
SHA512

c527518c46da66f1d2948f7dcf71511e3c361444b9a3c63d89f46e4551033312e5e1b109031694e168c3ca742f6a38fc32309c62ab57a81c1e337b072278cdf7
SSDEEP

6144:hPi3cIIIW3G4k5QhL8atVNiVQ5MIsuQyf5bTM+MdBXpKgXpgx4t4fO9mge/bE6zp:2cDd3G4k5QhL8atDiwMIsuQyf5bTM+ME

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4684	msedge.exe
4684	msedge.exe
1012	msedge.exe
1012	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 2828	1012	msedge.exe	84
PID 1012 wrote to memory of 2828	1012	msedge.exe	84
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4840	1012	msedge.exe	87
PID 1012 wrote to memory of 4684	1012	msedge.exe	85
PID 1012 wrote to memory of 4684	1012	msedge.exe	85
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86
PID 1012 wrote to memory of 844	1012	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9a032b104d489afb8e483ba1ac9b4ffb.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa65a746f8,0x7ffa65a74708,0x7ffa65a74718
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,1882176158611614404,8225280311311682328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,1882176158611614404,8225280311311682328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1882176158611614404,8225280311311682328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1882176158611614404,8225280311311682328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1882176158611614404,8225280311311682328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1882176158611614404,8225280311311682328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1882176158611614404,8225280311311682328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2b5c5b6b1cf41f4e0f37e611ed3d4eef

SHA1
977c39e27ea491d6942663a8fefa60476d14002e

SHA256
451848604bed95b03ffdd406b2a8baa55c336c33105fd6b5b70cc706e2ed6516

SHA512
1b545ee8790063d457769cf56aa33883202da0fd3dea2345dc46410004e5d2ac4d6246196a5baa1298f7afef0b22dcb7cb8e13fe1bfbbee289c3c28260f6f465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6a62e4e3899780d48c92a17fd7c17e80

SHA1
07b9aeaa72d565f26c526f3fbc97c0af3be40acc

SHA256
6bd4cf69bd12b58129a74959f0f8a95001ea44ee9fc78d1d1db71fd025eb23f9

SHA512
ffe1677032748023479046f72cc43f19bf88b0e19a3316c7e1100735d49f28120a98d43a1a9a8226c379802ac0af64bd2d479fc906d1d0cf0796c8cff06a06f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1a1bcb278f9efe2de28f888cbf10ae38

SHA1
c59a385d96c8e4dac233c81b3de1c8f31b32e004

SHA256
93c0528eabff56144142b5acb02d4aa9961cb7e6efac8f7703dc4b58879c50f7

SHA512
6328eb349adc3add6d647805f692a4bb46ba57d64a34b97fa5a8fd8c545af58c4df8c207a9ba6a6fe8d15483f56f8db1f98abb3121832bad6b52de5cfb488317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
902a98d2fa55119db591560531e465b3

SHA1
8663dac865fc5bb49e2e196723a1893477eae288

SHA256
f03715cc0abb3bad49976f0cbe1801757d0a7da3cb7d46273483708e8b2a31a4

SHA512
0cc747296a04adf19582407b8ed1e40b599d05d94115e2a25838ebe1fd707d2df2921b358ca30d5a6f8153906d420d4cf27a1fc6cc09822c995d9656fd641fec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
17e66f98da0c15b30161faee0fab0f97

SHA1
65c58f9547415a03e9be5a9a9d1c6a055571f7ef

SHA256
e30ec93638c48174c95c17d3e47a97fcb72f11d805037dbd7f210a3c22b8ad4c

SHA512
7714bbd4074fa7e9bb8ddc27261c4d899163de9172e3812509f0a64f049575a366954f4b5439dccbbb4ad9f712fb4c3a8e2acb8300203765b6690bd89f1a67b5

Download Submit