a024c123ad87f3d632aeb43e692b715a88366e6c61abab0dfabe93d4e9f30397

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 07:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b27ab401d32066e2493eed8b9e23c9e.html
Size

6KB
MD5

9b27ab401d32066e2493eed8b9e23c9e
SHA1

f8ae94ce3cee32d0e0f947831a3fa2812d9940f6
SHA256

a024c123ad87f3d632aeb43e692b715a88366e6c61abab0dfabe93d4e9f30397
SHA512

c3e87aa9d7cb9d2e2aef2697326793ad35dfef46fe1cc1eebefa02b6bee4e54ba2309971f7721fab1147e8e30dcc3a3ebf2e4138e93891fe77ea153ca0791af5
SSDEEP

96:PIiokDBDlRAt7qWSdNIn6STpZXsLM1wi8PV59Nl2uulmN3CA2Vj/5x78HMphfhYT:PMkD5XAteWuIn3VZcriASj4sjpt/TU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1504	msedge.exe
1504	msedge.exe
4336	msedge.exe
4336	msedge.exe
2740	identity_helper.exe
2740	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 3832	4336	msedge.exe	85
PID 4336 wrote to memory of 3832	4336	msedge.exe	85
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 3276	4336	msedge.exe	86
PID 4336 wrote to memory of 1504	4336	msedge.exe	87
PID 4336 wrote to memory of 1504	4336	msedge.exe	87
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88
PID 4336 wrote to memory of 512	4336	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9b27ab401d32066e2493eed8b9e23c9e.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9230046f8,0x7ff923004708,0x7ff923004718
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17667489426572273448,10386407627538694890,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,17667489426572273448,10386407627538694890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,17667489426572273448,10386407627538694890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17667489426572273448,10386407627538694890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17667489426572273448,10386407627538694890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17667489426572273448,10386407627538694890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17667489426572273448,10386407627538694890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17667489426572273448,10386407627538694890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17667489426572273448,10386407627538694890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17667489426572273448,10386407627538694890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17667489426572273448,10386407627538694890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17667489426572273448,10386407627538694890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17667489426572273448,10386407627538694890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:5020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4c0818a3-e13d-49ec-896b-64fdd853be3f.tmp

Filesize
5KB

MD5
8eb10beb2e8d2f1140abc65e0626bdd6

SHA1
a393b29ee82e560cf7c5417dc1da49f0df955853

SHA256
45d4caf5d1f745d24dfc8e2572eb209593e61038b6ced6f14830d9c58ac4f331

SHA512
aec499b81442414bc563e5eea8f73790df95cdbe01f158209fc3a944abf42324dee7bec3523dc8ce7d92f02cdb32d5f51daf47999d236412219b9915595d066b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
200B

MD5
776ac96b2493b9e51ba6e24bb0e3b0b8

SHA1
d907e360a0dce61121182b429559c8298e5d4bc7

SHA256
309b5af1bc51a2b5477bf918ec91bbbd017399bb17ce35fc6fe4be37d622cc56

SHA512
90d94cdbfc0be69e8a6cecd160ff7b583e42b9ace7fe72e17b7826065facd5fc862f062bb02cb180155b4932a0a93f721b9ef1798eb4c617b7a7ef361a365eb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e98ecb019b29e920c8f36b8c14a9c6fc

SHA1
88bda786e3e47471439333b006c76831d3394e53

SHA256
d47b9b223eade627ac54ef687435528cf6c6f2660575cd8481e3ce19f681b858

SHA512
d89ab3747825490d6863b2716292a39fa16083d13b49eea1c70af90a6dbce490c7c71350542e0dc2b18d7ea70e05e0701b04859983e8e6f582e5896d54e86738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7628187cfb03020cf97e086a0a5bf1c9

SHA1
a8dc14f7c8434392b7a596c6c2f91878cd7c2bc0

SHA256
c8dd25bcbd33e75078f28d07c31659226d3485a997a4f15ae43f5e06dcca8040

SHA512
208b03c8a4946848a5a50339c40e650a4240355401c6e4ce906cc376c651ead5e36e270dfcc0d450e604b5c408a05daa92abcfbeeec75dc79035d6cff6d6ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bc23fd8b3a202dd8f2a48b606f9a1c44

SHA1
9f01ec6b21135398ddf5134f86ac15aaa0f41838

SHA256
3d9ba0017093aac23a52acc6f40f1b556457c379e67691338e8793bcde4f0428

SHA512
a5a0f1996235cc0f6ba30c1ac88815d337d7fcf53865334ce9cb750d8c222bf74882fb6f85957ed4e29709d11ca1ded15681657e18f8a20c1845c503f8815660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
009a5fa77e2f17731076ddd7bd50870d

SHA1
24382cbd30132fc4019d4900d7e6d37c1e91ac6d

SHA256
fa92d644dfbebb95197a5fe68cc6e5fae4edc2e084db7cd84fa2b1ada23ced50

SHA512
f121a25ac739bd88aacac8269e3c90589d462bece5756fd836afd38879bbb5a9fbf4530eb60d24715360275f8a95670b7dc86f323e9c47a362ed7c2527878cef

Download Submit