hxxps://zimbdaa[.]000webhostapp[.]com/tachles[.]html

Analysis

max time kernel
17s
max time network
14s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 14:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://zimbdaa.000webhostapp.com/tachles.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5092	msedge.exe
5092	msedge.exe
1032	msedge.exe
1032	msedge.exe
640	identity_helper.exe
640	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe
1032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 2444	1032	msedge.exe	40
PID 1032 wrote to memory of 2444	1032	msedge.exe	40
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 2744	1032	msedge.exe	87
PID 1032 wrote to memory of 5092	1032	msedge.exe	86
PID 1032 wrote to memory of 5092	1032	msedge.exe	86
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90
PID 1032 wrote to memory of 4880	1032	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://zimbdaa.000webhostapp.com/tachles.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c67846f8,0x7ff8c6784708,0x7ff8c6784718
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,924335745489890362,13276857600057335074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,924335745489890362,13276857600057335074,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,924335745489890362,13276857600057335074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,924335745489890362,13276857600057335074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,924335745489890362,13276857600057335074,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,924335745489890362,13276857600057335074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,924335745489890362,13276857600057335074,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,924335745489890362,13276857600057335074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,924335745489890362,13276857600057335074,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,924335745489890362,13276857600057335074,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ebd667e8db80b0ab07f02f3dc844252

SHA1
461bade20eebf59e30e8c3620640d6df6db79249

SHA256
d04531e41d70e7832898e797081335b3f0314b09141a01de921ff679dba41b0f

SHA512
75f92d1f4ab942c3fdd3b70542956ea246f718aa8808a53f33d52278505f4f783e4c0458e5093ea4f459e72faea431f926373883eed2ec7da1109bd7efc6fb57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f621c7614503377ba83f2fcfca1c303b

SHA1
c7ec737f8e0262052e038691e5b38db37bdfe56e

SHA256
c2d2e04acc5e2cd129dd3211f73b498043051b74a2f661c1199224b37b681b26

SHA512
203e5e582007efb7d11b0442e85d4e37a4cc1332bd6367cd74b0d4b9de0d0df85757bdc66474f62309bf530841ab7a5e4c0d43c95aa416b7175129e2e2b36c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
681e827f3fc709cc3ca24b8c372552f8

SHA1
42c7171dba2b6a5b881f8a5a645f00d692e6df0d

SHA256
d0332dc3afff77916829a6a70f9e181eaeef41d0d35724e26e3761f7e5dc70de

SHA512
50f68b3d8220cca1dcd579874594e341df8eb9042c02eee05304fdf0daf1b87a8c811c04f81cc37241dce51a8c5f38ada676d3d9de65b2523d95c92d30435ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d98bac3a9479c0415d8437660d6b3e4

SHA1
58e59142b69972993082ec7eb24818413ce42cf5

SHA256
1e0dbb1acc6858738b686294076195d6686d945e4459852c4c409f5bf749de29

SHA512
e4c2d8ca06105385bc07fd892fa796e22ecd0a891435ba3d84bdd9f4f0ba33360b9b361ba6874f933dc0af13808b91a3bc82ff6a99d9f80c3295efa7ebb86e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
42d2173b5ec649b1b9bca928067bfd1e

SHA1
39d1aa0bdb67406146acbdf8b326f7371323918d

SHA256
b8a9c235bda589913c0c8f3344b6b90a15e59750585ebd5613dbed4d73949420

SHA512
70e41f5d4365ee21f632d468007f66f86ef9444bcdc16f675d0be5734df15261b428dcd67b3ab8e4e87346f5fb2b14c49b14864932e3fbd546dcea3856c2f7d7

Download Submit