50071be8cebf8b01ab028374632383549a5c1824477631376942401ec5b35392

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a136b5c024f60a040e4421c75009aa87.html
Size

45KB
MD5

a136b5c024f60a040e4421c75009aa87
SHA1

ada333059dd3d76f7a19640edafe72e059ec33ed
SHA256

50071be8cebf8b01ab028374632383549a5c1824477631376942401ec5b35392
SHA512

f45c0377197ebc04acd5ac78f970c8a8520187380927057180615cde3d856b513735b91b2b9cd42e896aceb5f740f0ef300c6105109673127f37ca4618bc29cf
SSDEEP

768:SfaTncellml4+Va0andZEACANu7QeiwSmGXoJ0r8w7HFHxrQzC4NC4+yC41CS7C5:S/AvEACANu7QRfnXu5w7HFHmzC4NC43q

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
868	msedge.exe
868	msedge.exe
2376	identity_helper.exe
2376	identity_helper.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 3228	868	msedge.exe	15
PID 868 wrote to memory of 3228	868	msedge.exe	15
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4508	868	msedge.exe	90
PID 868 wrote to memory of 4808	868	msedge.exe	89
PID 868 wrote to memory of 4808	868	msedge.exe	89
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91
PID 868 wrote to memory of 3140	868	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a136b5c024f60a040e4421c75009aa87.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff81c346f8,0x7fff81c34708,0x7fff81c34718
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,11362484857462482112,10908370972937053758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,11362484857462482112,10908370972937053758,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,11362484857462482112,10908370972937053758,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11362484857462482112,10908370972937053758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11362484857462482112,10908370972937053758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,11362484857462482112,10908370972937053758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,11362484857462482112,10908370972937053758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11362484857462482112,10908370972937053758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11362484857462482112,10908370972937053758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11362484857462482112,10908370972937053758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,11362484857462482112,10908370972937053758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,11362484857462482112,10908370972937053758,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5592 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
343e73b39eb89ceab25618efc0cd8c8c

SHA1
6a5c7dcfd4cd4088793de6a3966aa914a07faf4c

SHA256
6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223

SHA512
54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4c957a0a66b47d997435ead0940becf

SHA1
1aed2765dd971764b96455003851f8965e3ae07d

SHA256
53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163

SHA512
19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
0644ea0800b16bbc3eb3a6f28e69c016

SHA1
5d6d133999de7af72727b96b6e4a6d58c420f496

SHA256
787a30749eba18ff2767a1c70f3769db2406ad85a7e55be56fcb54d8a2e0072b

SHA512
722702a53cffc10e72525a6ed7f93b263ea92a5569b6ff8445d25aea2f0d09da975f74b223ceb64a24b91f751e92f67a66cd1a12c65ba2c35b6db1e920661621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b810c91bd408c11f760ecf96cf1dc499

SHA1
c22fc23430bb4df0e596691edbba36b5926ed1e6

SHA256
ffab168092a102b6b6153c6fe5979889e7b5c6ac2cabe5a7e0709cf574145fd4

SHA512
b84f98fa200e40ad2bf16f99d73cdae3dfa48cf47c1b537b81a04f12426638d259b308cb73379823509e7f7cdab3e961e30487744abedaf5b32608ce312bd1e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c1e8eb88-c4b0-4d79-b483-6eedfb54b361.tmp

Filesize
6KB

MD5
455c1c96158f7a8fffcf06b93f82167e

SHA1
d176186db1f7d1cbf1d8a7993ac11c8df4d67214

SHA256
a3fe3350abcf4bab2e2d0bb6a9e324926a26b79f8554246da0ada923855c5508

SHA512
5e1bf356bed31787de2461ead8f37aa3b548ac220f4f7996075b1c2920f4a79c940a757e805e3d9b6c8f9cfd6d8c969672eacc5c4c16f08d141cdba2ebe30c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
268720ce23bfe889f0d725e7d11166f7

SHA1
05923fb2465d3f68ff7e75596393b53ffa91f8b0

SHA256
dce2a2ceeb1a08982f7adc2a7a71d4f99f11909ce2a3226d126ddf8877e5a883

SHA512
6fbe12e15c16e28e1f03a10ba4710ba2492ed447f3f50b4be693cca5aea674f9b2fe31edeae075deb7f5d0baed3610aaed77c6a4e97d2d3acda300cd5bf57b85

Download Submit