3d8c60410928163dab4cd042dd51d9408d232f2a62fff26fb6fca0e0f866e7bf

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 04:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ab805984c4e6aa56ec9aa14672f7cc5.html
Size

26KB
MD5

9ab805984c4e6aa56ec9aa14672f7cc5
SHA1

4d6768e8cc0e35f32e9449244191f1ffbfb48c2d
SHA256

3d8c60410928163dab4cd042dd51d9408d232f2a62fff26fb6fca0e0f866e7bf
SHA512

67e4fe974fa3f5e8a5d5533ca814dd859bc625b3552c73f851de93a17ced37e9c8d94daff7774f0f5d54ba571dee70063c11fba7124bc1f65d3d5878d9619026
SSDEEP

768://1DpKVAqnd+qi9q7B2t44u05t782S8v9U://11KVhnd+LABW44u05t7a

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
516	msedge.exe
516	msedge.exe
3924	msedge.exe
3924	msedge.exe
4804	identity_helper.exe
4804	identity_helper.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3924 wrote to memory of 3096	3924	msedge.exe	85
PID 3924 wrote to memory of 3096	3924	msedge.exe	85
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 5020	3924	msedge.exe	90
PID 3924 wrote to memory of 516	3924	msedge.exe	86
PID 3924 wrote to memory of 516	3924	msedge.exe	86
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87
PID 3924 wrote to memory of 1952	3924	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9ab805984c4e6aa56ec9aa14672f7cc5.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf24e46f8,0x7ffcf24e4708,0x7ffcf24e4718
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5239363284190142757,2517614954103613305,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f246cc2c0e84109806d24fcf52bd0672

SHA1
8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

SHA256
0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

SHA512
dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
394B

MD5
047e6e09fcacde873e602b9621757bb4

SHA1
34d9379ce52bc628c13ca89abc7fe28d62d92496

SHA256
c790d0e29cdeb340d44a8b9bb496f7e463cbe51aeebf1d96ec87b2df69d3afa9

SHA512
e98355f147375b2bec92138acbd9e4b908f01faa677266709455c57b7eb57310b0d4023a3902ed02bbfe801cf7c11a58ce91d15dcecaac12b6d87783165d404a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
27553067825375e6fbe0f16cc39b7a1c

SHA1
0f0efee7c788fb747ede53d5cbe2f469603e1e2e

SHA256
5da12833a98191900671684d0797fa68a84603d1edb81bd888cf71b029dabe13

SHA512
3bf6efc44b0c9edac1a295fae91ce7bd4e51aec0b2aa43c27255c153d3fc2632ac108ca35a25e843dcc15d855261ce67f3397703bfb4eef3c83411322a51a69a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f408c60f464feba3574fb94d5a4b8299

SHA1
c90019c58c9f65881539c76215fc5aa4f485a906

SHA256
91ccacb74adbcb1d45a3e3ec596870bd011a08735467382fa2bbc4f4c7542340

SHA512
6c52202bea1936a087b3664052bbcd75b89a9f0b9e4570a4bbc0e0301e6b7c91b63713f3e8fa161abbcd065b8fdde898d94f6e9471365c0f39676eb3172c9763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
494e68a54a8302799a1fd60b6020dade

SHA1
9e791140626f92dd046b1ef317dac9224197409c

SHA256
359b82d902d7298cbd84c8bc2edcb82e975cf4b0bd36faa88b6fde9c0b3e631a

SHA512
e2b44c46579c46502b6935478b978a3bfe12b580d6d8548381bc8612bcecb0242905b29a75a78cd28d5d06186f5c1b2398296959b30e0d322871487a65c2d0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e62a6848f50c5ca5f19380c1ea38156

SHA1
1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

SHA256
23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

SHA512
ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
067071564a52177a490fd6aac7e4a775

SHA1
d07ae8253620db8feb8a5db32b266beec1edf186

SHA256
23b23eb2ad7329cc3db40777babac28d01d40e72391cbb536a2fe0136b0b2e18

SHA512
9d468d00641f1f21cb789aba36c001ed49373b9768619030ae534671457d95f93c29f4cc353efce2249fff2919a73eb62d1b46c457e160a7dc2e9f2ddde2afb9

Download Submit