7712a1e10d2902a9a172934d06ad633385bbdc9cae69e711211ad3ad3d1dca03

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

991d2b687da5f9e5e9638e983c5bcba0.html
Size

3KB
MD5

991d2b687da5f9e5e9638e983c5bcba0
SHA1

7e34c845006372d5966c3792eca2c51622f293a8
SHA256

7712a1e10d2902a9a172934d06ad633385bbdc9cae69e711211ad3ad3d1dca03
SHA512

d0eca7209f2b3e34489a702c18498ef846df994a2cfe56e593c30a50b3377edb0cada99103174179eb674ab9aaf1489470376a0bc35b64857c13be9647c21acf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3276	msedge.exe
3276	msedge.exe
4324	msedge.exe
4324	msedge.exe
3448	identity_helper.exe
3448	identity_helper.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 3000	4324	msedge.exe	84
PID 4324 wrote to memory of 3000	4324	msedge.exe	84
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 4812	4324	msedge.exe	86
PID 4324 wrote to memory of 3276	4324	msedge.exe	85
PID 4324 wrote to memory of 3276	4324	msedge.exe	85
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87
PID 4324 wrote to memory of 4460	4324	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\991d2b687da5f9e5e9638e983c5bcba0.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96ed046f8,0x7ff96ed04708,0x7ff96ed04718
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,15563695388412831493,361054952083197685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,15563695388412831493,361054952083197685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,15563695388412831493,361054952083197685,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15563695388412831493,361054952083197685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15563695388412831493,361054952083197685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,15563695388412831493,361054952083197685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,15563695388412831493,361054952083197685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15563695388412831493,361054952083197685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15563695388412831493,361054952083197685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15563695388412831493,361054952083197685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15563695388412831493,361054952083197685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,15563695388412831493,361054952083197685,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb20b5930f48aa090358398afb25b683

SHA1
4892c8b72aa16c5b3f1b72811bf32b89f2d13392

SHA256
2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35

SHA512
d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8e3a5a7e43f7d2abd1c40a8c2fc33158

SHA1
5178a16d77833a81bf41404b86e42bd20a713c70

SHA256
04abe272ab1aa50e9b51a0cb18b4217f7455278f292e5280fc5047dbb6bf1486

SHA512
5540a16b08a1ce8ce46c44001a55b5b94d2e967cf9d446233df61ea30637088c482bb223f7b35690e21090d38b911494b0b01feae1a5aebf34b7654dd757fad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
46ebb259ff8423eda6daa4118b6da1c0

SHA1
ebdb9a14dfeb10d20d7790bf8422dd86417fae07

SHA256
c9b60f6bf7860231123a44ab9f3094757318492141a5d560b91ad0da2e25cbaf

SHA512
8cae9fbfca77b5d40031ca1e97d4c34b49830b2af72a915c3a49959c6ec5523b803b38c54937c7f8df3ce0a70a25d967d751280cd05fe66b004e8e2318fc3f0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2bbbdb35220e81614659f8e50e6b8a44

SHA1
7729a18e075646fb77eb7319e30d346552a6c9de

SHA256
73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd

SHA512
59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0d95a2b1ff665ef50032fd5d960afc02

SHA1
a6c3f9fdfd30c9726bd48607f09f6371f24b0298

SHA256
7b8a999654bde07f31ca651c55ac6afa3016a1549dcfb975ab86ad6115b68ca5

SHA512
bbbed9699128ebcb87b5c54456f7b2cc480c13aa38af5995b7e4c1964c7559b2ef76ca922f1acc5f3f13906d7101a63d39869405ecd8207dbc86a044f865ac62

Download Submit