00c728c761a756c5b6f555b026b92d141a28b0c5d76b1ea3c25d4ef972806fbc

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

991800f3c14e5d576d918eee062548f4.html
Size

56KB
MD5

991800f3c14e5d576d918eee062548f4
SHA1

778e904cd87d2f01560a0aba29aeaade0f2deab9
SHA256

00c728c761a756c5b6f555b026b92d141a28b0c5d76b1ea3c25d4ef972806fbc
SHA512

25d7dc06fbf46fa82a9c35c45ee5eb45750a5e490d388cf4d421c5167d51b90e935c6414c16e08db398bb82a0531b9fc130eb4575a01c171c3c25a91b7a3e2c9
SSDEEP

1536:ym0IdjTr5aO9M2x3X2KBb5LhE6hVIrPS5ctp6nDn:ymVdeQnD

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
684	msedge.exe
684	msedge.exe
2352	identity_helper.exe
2352	identity_helper.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 464	684	msedge.exe	85
PID 684 wrote to memory of 464	684	msedge.exe	85
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2704	684	msedge.exe	88
PID 684 wrote to memory of 2844	684	msedge.exe	87
PID 684 wrote to memory of 2844	684	msedge.exe	87
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86
PID 684 wrote to memory of 3036	684	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\991800f3c14e5d576d918eee062548f4.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd67a746f8,0x7ffd67a74708,0x7ffd67a74718
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16169741479648863531,2841014064281628132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16169741479648863531,2841014064281628132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16169741479648863531,2841014064281628132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16169741479648863531,2841014064281628132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16169741479648863531,2841014064281628132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16169741479648863531,2841014064281628132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16169741479648863531,2841014064281628132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16169741479648863531,2841014064281628132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16169741479648863531,2841014064281628132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16169741479648863531,2841014064281628132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16169741479648863531,2841014064281628132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16169741479648863531,2841014064281628132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\80ec3bca-f054-4d6e-819d-425892f45075.tmp

Filesize
10KB

MD5
4e14bc6349501cc82a1009003a50ae9d

SHA1
29c785e944c100464055ed4df528d66a940fbfa0

SHA256
fdb95d9805c625473769484cd23e04f0215f2699af92e26b1901bbb5e05b46ac

SHA512
e5c823e58e62d3eb10e4440dc0650dadd9a7ce0eef2044235535066e639b23ba506b5024ddf58f2121a00d71869573fbc486d39f21a04a8efe0bbc9cb46cb594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bcaf436ee5fed204f08c14d7517436eb

SHA1
637817252f1e2ab00275cd5b5a285a22980295ff

SHA256
de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120

SHA512
7e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
58154763607d68d9efd587396526228e

SHA1
325a43182f2d954c49f7097cc7104028b54b44bf

SHA256
60c8bee5f4ee52addb37c406dbd01af8e52b9c0a77db43427e91aa961efc2308

SHA512
09e764feab3191a891cd4d2ed54f15153b764c24aaf56ac389c99fe8be7e92322c5ee6900692172590537be791981ab24373560ed08aa6110d22dfe4182b1ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ba9b7bbd3302e8154227ef64d0600b61

SHA1
e552a9bb8210cdf03eb5ca3a2ec3d8a95853d6c4

SHA256
0f929617491c3b391a06bf48f5d19bab840adb137c14769ab105da8bbf01cef7

SHA512
248dcfb446eabd9deadb760603e6d6b49ef636965c2294032771296e6db1c5e444f6f7ce1f6d34925464ac5b9e45f687bb67811dbd21c1efd0565be011784990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7fa2a069ccbc46a1383cd7e2e371e1af

SHA1
589af326f4ba27616708868e1a50d5e70178907f

SHA256
3ce62cb1ebf1717cde8a425451d4e5e9d782da07abf2145b87abefb3eb0b8563

SHA512
ea34cbbe30832958ed3a03b9cade0af53a4812b962d953f495970493d59bfe748e54f21fdc515435bf2d863ebe10a1ae5a07f932d95b7c8dd116db312912067e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b0ba6f0eee8f998b4d78bc4934f5fd17

SHA1
589653d624de363d3e8869c169441b143c1f39ad

SHA256
4b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f

SHA512
e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit