0623ba87996ee54086feb7494915810db8b034b3852976f288113bb13ed66c19

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 09:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

184598436.html
Size

69KB
MD5

0882433beb2927bb62bc0a1e6a307fa8
SHA1

5ae9f89dc7e03cf043ac0e2e07be23ccbf28e5d4
SHA256

0623ba87996ee54086feb7494915810db8b034b3852976f288113bb13ed66c19
SHA512

58503717a587601881ff39502c9d655fa5148eea94a4e93b067b22f622a520a1c42b8d7d358bbee28dd1626b277ba9881295c563e915981664f212a5604d1f13
SSDEEP

1536:dap3/kUqDlJs/5hgFqws/MuuPCiV/wCnEPexQYhzTlquXtBiFFvrU+FCpao:MyUPj3idbTlXXtkFvrUYCpL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2560	msedge.exe
2560	msedge.exe
3880	msedge.exe
3880	msedge.exe
1660	identity_helper.exe
1660	identity_helper.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 2836	3880	msedge.exe	83
PID 3880 wrote to memory of 2836	3880	msedge.exe	83
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 3060	3880	msedge.exe	86
PID 3880 wrote to memory of 2560	3880	msedge.exe	84
PID 3880 wrote to memory of 2560	3880	msedge.exe	84
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85
PID 3880 wrote to memory of 2580	3880	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\184598436.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbea0b46f8,0x7ffbea0b4708,0x7ffbea0b4718
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,5290287993996526725,12443989071219662569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,5290287993996526725,12443989071219662569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,5290287993996526725,12443989071219662569,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5290287993996526725,12443989071219662569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5290287993996526725,12443989071219662569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,5290287993996526725,12443989071219662569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,5290287993996526725,12443989071219662569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5290287993996526725,12443989071219662569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5290287993996526725,12443989071219662569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5290287993996526725,12443989071219662569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,5290287993996526725,12443989071219662569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,5290287993996526725,12443989071219662569,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
699B

MD5
270b00e00d272438306bb3b482150dc4

SHA1
93329df6f07698e4b7d9e2fc0fc4b78f0bf1087e

SHA256
295b7b3d29d0a60bdbe31fabebd347562b8a7b44a129967ecc12873a736b25dd

SHA512
33d5ab3e06476530766e227088894484fae18a05e6517f3caac39c83cf1d08f008029cd24c344623290d7bf2cf0c371502ef6fbf98b432c6e6ab410519d9ba0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
667B

MD5
5e2a863bdf57c4633e9cd7219bb74a3c

SHA1
cb790015212af13b809114c11f58b6dd31a0ce92

SHA256
bb2fa69f27574af99cf00c070368be553a2c196915f8699f01432f48a3ff53f8

SHA512
06c536eca06d5a592596c406d7644a6e433bef21b9411da3513c79a30f5c0db792abec06dca40d1734620b9116509081bf80d4f32349092fd03be510a8173c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7fa3b3ba10d9e438630093eb42d7dfed

SHA1
4d71b147d5747e968b61ab2dd22535195614a5bc

SHA256
a817f5e8e3f44e74baf783c38ef7ec6efd41d2a30b8ef311a9510bc1462daa3c

SHA512
35c027fcb5e9d3cace6010cdc429c4a086ec4b1fad521bd5fc0c8d0279c847ec597d0c237a57eb425d96c8d8eeff256018570833be80f29df2bcebec849dfa1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da192ff25079d45e2b0f10c71addcda2

SHA1
5e16e5367e918ab3d892b6c79c4cacd1b6a2365b

SHA256
a7903278919a8627e5485835018e16cc68336731c94f02d9d5c2784392b090a9

SHA512
74b65b562a65e2dc8b272fbaad1c8850efd5e81d73617fa19c61c058228e22489df7f3834be46698aeae362f62b2c912185acfd23b411ecef5830aa4f7d6c0c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
18de9b8e325ed76787d398f515ebe7fa

SHA1
d53bb293c4c94c4c4f5ed7bd52870c0873586ea9

SHA256
9871d5871727ff08324b58006c91156642b94585d2ac67957b8407c779071741

SHA512
cb4de493dc4c10444d167f58575af0420c6325de67fc5f6e2b2b9cc7f31fa502c74a5b28625072b4b0555dd9141c12a64b0bc699e4d3477fd20426be63d3125f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
02ae45cc92c66e779b0c15ddead7176a

SHA1
23f930ac3496aea03c053b138713db2e8a4d6728

SHA256
f0e879faf3ba2db747cdcf3de4f6d15eebbcbe40a91990e9f0bd1d60b302cf62

SHA512
a5a482f26e08c576d2bd3115148d7e9287a9c3efa4b43b66ee56d4550824720d40336928b45eff0435217e528faa7cb35ff5326f2ef9665f9b700aee52378cee

Download Submit