182e89533776117b1b5fef8ea044c080474168e516c802fb7bc9ebd29f465678

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 13:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9bcd712d537fd0d72d72b718ecd97623.html
Size

43KB
MD5

9bcd712d537fd0d72d72b718ecd97623
SHA1

29a5a6f5e69ae26d00d4dee9595f11f2790e1fbe
SHA256

182e89533776117b1b5fef8ea044c080474168e516c802fb7bc9ebd29f465678
SHA512

63e33e9c3c1d82b1dfd8e30d696c10a115fdaff8e765dcb7b07d2ae38625c562f4519ce245f491f88f2b5864a98d74b688a0f66c5787482e94aef57273e7139c
SSDEEP

768:/0KPvngKBElr9XRNdlL3w7SPtBpq9ideu9aZHPwrhL4vPOF4l2S0H0QU4VYCzx:/B3ngmElr9XRNdlTw7SVS9iJrhL43OFD

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4340	msedge.exe
4340	msedge.exe
4696	msedge.exe
4696	msedge.exe
3224	identity_helper.exe
3224	identity_helper.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe
588	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 2292	4696	msedge.exe	85
PID 4696 wrote to memory of 2292	4696	msedge.exe	85
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 1456	4696	msedge.exe	87
PID 4696 wrote to memory of 4340	4696	msedge.exe	86
PID 4696 wrote to memory of 4340	4696	msedge.exe	86
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88
PID 4696 wrote to memory of 5004	4696	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9bcd712d537fd0d72d72b718ecd97623.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadded46f8,0x7ffadded4708,0x7ffadded4718
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,13905398308391580132,17623392181921543700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,13905398308391580132,17623392181921543700,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,13905398308391580132,17623392181921543700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13905398308391580132,17623392181921543700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13905398308391580132,17623392181921543700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13905398308391580132,17623392181921543700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,13905398308391580132,17623392181921543700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,13905398308391580132,17623392181921543700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13905398308391580132,17623392181921543700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13905398308391580132,17623392181921543700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13905398308391580132,17623392181921543700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13905398308391580132,17623392181921543700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,13905398308391580132,17623392181921543700,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f246cc2c0e84109806d24fcf52bd0672

SHA1
8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

SHA256
0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

SHA512
dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
c3190e859e33399286cc737e4244e5b7

SHA1
26fc3d3fb612cd03350c9093e482ea18cc79e431

SHA256
1a56955348fedc6fd64202a0cd9ff173dae9d073ae50fede097906c12438463f

SHA512
fbf1eeb906a5df4bb9c3211733d8442f9d80fa8480b6c7fedff08b574231f4d3bce79e3584d7663b9f81f91a87fd1f9e14659c2d4a2816b878fe6a480440ad26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0945f952191c8aa6b640b9c27bc324f9

SHA1
9be6f0ee038cede0f65caa607302b3afb67cd49e

SHA256
3da685c45f5120db45ae7ce1c8443fac4220fb0bf0abc155c17e1b3a8345dc72

SHA512
3851b5db5e12f6c36b9b873b620394b2aa4f58e7ffb538984ed4e1c6618511365d3d3e908c623b3955bc815987bd788fa337b1d1e6ff9a6d668f4baba6b973f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea742baa6d749c1c4a9e35b375a36815

SHA1
9b6a2779869dd2933dfc5f22b945b8d813e36177

SHA256
f83d88f34dd12425db76b15fa57007efc208eba0a243d2275900936bbfcb2b6b

SHA512
65b3bb034483911087f4224267f32a68efd11b3781e3b6a0b62e00e2be12db5c8aa8ee16df68a71c603d0fd7a84b3ccae22a53276482bf89c9d5c95299b09418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e62a6848f50c5ca5f19380c1ea38156

SHA1
1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

SHA256
23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

SHA512
ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fcbb4b6f-e089-40ce-acc6-aa731ca0b99d.tmp

Filesize
5KB

MD5
b1d48039f7c1bf4303cd529a288b821d

SHA1
32a2f972c5cacbeb8507d6055844543b36318f25

SHA256
ea43e733b98f43910d242d1a75bfa303e4cbe9f78822a53a0bc238ff4c7249f9

SHA512
ab11d3704304652e57bc81adb1f7d50edb780a8f8bcad461eca91198774d6a47a1e4e678c6adf1637505b3945768a1a484c4c2566f5b2ce177095c8f4cee59bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
25bd90de743b7117afb1606f21ad865f

SHA1
ee2153ce8cfece63476278bfd6746a4cab740837

SHA256
153a5558021634553d69662087e0d39598ddc8064aed33f2f7dce8670087dea6

SHA512
c388d8453d64fa52113e35507b274125af17de16e1e215f0531cc02848293b3f58b584b9da5a74bcdb7f8d3e350e8a270e266c82ae03b93dd22e34be7508447c

Download Submit