0b3d145de37c268e1730bbf63180cd9ca7718aeb554120c8323e1827b71c117a

Analysis

max time kernel
145s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23-02-2024 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a08246f520333fa908ab06d06ca9f51a.html
Size

28KB
MD5

a08246f520333fa908ab06d06ca9f51a
SHA1

9b08981a70d1a85a76a0f4ca3a4821a09d224f5c
SHA256

0b3d145de37c268e1730bbf63180cd9ca7718aeb554120c8323e1827b71c117a
SHA512

cd661a3294a76d91763fdd94c8499d2173ccfae483aa866a64f0d462b29f8e58b0bcb78901ecda50502132c7a50b0113c3237fb9e874f2d977dab686f1b09c42
SSDEEP

192:uw3ob5n5+TgnQjxn5Q/ZnQieUNnlnQOkEnt//nQTbnxnQ9eGMm6AR+OXnQl7MB0e:lQ/zP08+OmSxF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
1012	msedge.exe
1012	msedge.exe
4336	identity_helper.exe
4336	identity_helper.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 3076	1012	msedge.exe	84
PID 1012 wrote to memory of 3076	1012	msedge.exe	84
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 396	1012	msedge.exe	85
PID 1012 wrote to memory of 1724	1012	msedge.exe	86
PID 1012 wrote to memory of 1724	1012	msedge.exe	86
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87
PID 1012 wrote to memory of 1496	1012	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a08246f520333fa908ab06d06ca9f51a.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1bbf46f8,0x7ffa1bbf4708,0x7ffa1bbf4718
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16589917900333034522,6688517872797243183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16589917900333034522,6688517872797243183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16589917900333034522,6688517872797243183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16589917900333034522,6688517872797243183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16589917900333034522,6688517872797243183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16589917900333034522,6688517872797243183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16589917900333034522,6688517872797243183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16589917900333034522,6688517872797243183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16589917900333034522,6688517872797243183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16589917900333034522,6688517872797243183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16589917900333034522,6688517872797243183,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16589917900333034522,6688517872797243183,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a65ab4f620efd5ba6c5e3cba8713e711

SHA1
f79ff4397a980106300bb447ab9cd764af47db08

SHA256
3964e81a3b4b582e570836837b90a0539e820886a35281b416e428e9bf25fd76

SHA512
90330661b0f38ca44d6bd13a7ea2ab08a4065ec4801695e5e7e0dea154b13ac8d9b2737e36ebe9a314d2501b5ef498d03c5617c87e36986e294c701182db41b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
854f73d7b3f85bf181d2f2002afd17db

SHA1
53e5e04c78d1b81b5e6c400ce226e6be25e0dea8

SHA256
54c176976e1c56f13af90be9b8b678f17f36a943210a30274be6a777cf9a8dc4

SHA512
de14899cfaad4c312804a7fe4dcb3e9221f430088cb8bf5a9b941ac392a0bbad4e6ca974e258e34617bbffff3bf6490fa90d8c6921616f44186e267ddaa02971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ade1232ddf0abd605bbe8f8744760ce2

SHA1
09ef47843661e83d7ef4f16051a5507801cb9c9f

SHA256
339bac6fb456ed6da248105fd0f4266ac9b8e5aea3cab5ad69e4ed0d4200af07

SHA512
13dea1b4b4081eae99baa678ce045c762b2cabce8a4fc1b7c1b072dd54d347af6ce00108f3c392f537270621c921376570bec71de77f920b846f949dd7ba1725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1876649931d7c6ef8231d8cd6c7d1bfb

SHA1
a4b98e4cd27bcf7ac7a00eca92e42d1a36a0ff4b

SHA256
a8667322bcf4ee7d74595aec2be1b5d3319e10befd37945af5f261083662e010

SHA512
49ee340253c7cd86981e982b0954ac9ce1c185cab9f1cd3afd7512600a1747a79a7fe19c0203aa4a5493a47e58456d7f416e4d5470e4309219834cbba6b11be8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
08277e527f7fd05cfd2a5138a4099b06

SHA1
8ad820518f1df70962024d76a8e93b0794bd110d

SHA256
58c4a10f5eba206966301e608632675bdd3fed83545b6b42799c7951d881b2e9

SHA512
cc7b8b7ba024d966b912761b37f3ad671397280f1bfde70d10b57ec116ea4c0dab7f69688ca129857907ab7f204c32b6353d7ef66551b3da4d9f0b4d92dd6de3

Download Submit