69f46d7176fce253c4e5f10a114117b8e517a12ee6abe0210cf64e367dc56de9

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 07:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b286283d8a42659da5ccc0c00dec739.html
Size

3.5MB
MD5

9b286283d8a42659da5ccc0c00dec739
SHA1

24595acb4467dc626d2760f21c21ff5df06021c6
SHA256

69f46d7176fce253c4e5f10a114117b8e517a12ee6abe0210cf64e367dc56de9
SHA512

a05feee8565c7799c6af8e040d850efdb81f6b1dea9a02ece8e97724c9f6164a66d798a03c0a8db15076d58451bf3df025e6a88cc5d38779d37ae095cdbfe745
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NNJ:jvpjte4tT6DJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
1020	msedge.exe
1020	msedge.exe
1740	identity_helper.exe
1740	identity_helper.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe
1020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 3424	1020	msedge.exe	63
PID 1020 wrote to memory of 3424	1020	msedge.exe	63
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4392	1020	msedge.exe	87
PID 1020 wrote to memory of 4604	1020	msedge.exe	85
PID 1020 wrote to memory of 4604	1020	msedge.exe	85
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86
PID 1020 wrote to memory of 4224	1020	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9b286283d8a42659da5ccc0c00dec739.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeac3146f8,0x7ffeac314708,0x7ffeac314718
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,6950912998958066319,4993508942172370306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,6950912998958066319,4993508942172370306,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,6950912998958066319,4993508942172370306,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6950912998958066319,4993508942172370306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6950912998958066319,4993508942172370306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,6950912998958066319,4993508942172370306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,6950912998958066319,4993508942172370306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6950912998958066319,4993508942172370306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6950912998958066319,4993508942172370306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6950912998958066319,4993508942172370306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6950912998958066319,4993508942172370306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,6950912998958066319,4993508942172370306,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
08e03f426e000aa01e4b6a87ce3b8a99

SHA1
785ec77d2fc331ed51268e39f3b4774781a093d8

SHA256
9cd7b94ac298c4f0cdd8e0019104936f42523cd6c36b221adc4a7070cc696c07

SHA512
3583a079849ece50fc5a340b8b3afaa242517422a10fc2ced81a485a2ad4274b9526b145f9fc1ebd63213c16c1b6abc146e144ebda10042be9ed3681d6dd092e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
981B

MD5
7c37ea735ddca968c3a659e42f867a5b

SHA1
4224d593859ee9aca22963347697e916e807e907

SHA256
308783f7cec5eea737af03f6427c65a0803e48689cb3496e46a1a8ec669f1fd9

SHA512
3067b7de688ff69a1b99024806c321800c8e7e91f02cfc7e8c9515d93373e3c7a27fce179fee5ab447b78d589e046a7de21a31cf379b3e54f82310f3509f1b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2ae2881f62e6600a1c873dab50a24fba

SHA1
6d23d725c1466bf5488a872757ac340dea041adc

SHA256
7fdd172ec9d23fd0bd534221085e826057bf0c75f5778b213881055d4fe70676

SHA512
fbdc8174027f96cc53a3d411db10781afdc97585b4a928a28dfba93c3b8d25705961dd12cc94c9b912b133346a8d3793f30e3f1c601fba5a05751f91897fc8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb8fa8ad7959ca78d92f8170dbf866a0

SHA1
c1ed8dd2ad9d97952d9b10a79654388df7cf6fd2

SHA256
cbc409f5cd6e6991bd0c619328589d588fed62aa7c1ba2f9a4ddb37542f21240

SHA512
77b2da0d721b5254c7393c109c8f1dbdb971ff39569ccab9aede51df8974fb7f707e6c80d3a85aa50d6ed20ef1add3923ffb2ecac73fcde805ee4f3c8395b825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f5e023be17ffb0d5dfcdada2a668a6f6

SHA1
cf71f2ee0ea93e553a5187572d2b31b40766194b

SHA256
04d7877a2ec2c0faeccc5706cd1fdd766905be343308bda8ca293e5921e4f211

SHA512
7823127060331586f773966603fc74153c65ba24b0db9882ced885c80589df937f219ac39dc351bb31ed7d51b97332b04ce0b49fe8236f9a76af6cfc8133748d

Download Submit