b4ad899058c701edacc759aa9f2ba17d85502b87aa4accc387c996d8f8047b67

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 08:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a15bc3ec9450c1e11ed8c774b3fb4130.html
Size

13KB
MD5

a15bc3ec9450c1e11ed8c774b3fb4130
SHA1

5f3143e11c70b338ef0f49b9bed92f30f5384b87
SHA256

b4ad899058c701edacc759aa9f2ba17d85502b87aa4accc387c996d8f8047b67
SHA512

c7b9b0fc15cb1a81e4e2bd4f8fa19e66f6a696aaf561aaaeb68484c6ef72b543033102d2c9c738e8c9ac980bf2fcd97f1c763fb7ddecd24b5e041d352dc23465
SSDEEP

192:+ren8VwgJoP+IGA3Q/LwlLuuH8YCWCz7sHNR+hOHdSPEQAn0L6FBZM0E:nP+IGAg/guo8YCPstR+hOdEAn0eFB1E

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1716	msedge.exe
1716	msedge.exe
4692	msedge.exe
4692	msedge.exe
4076	identity_helper.exe
4076	identity_helper.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4692 wrote to memory of 3668	4692	msedge.exe	54
PID 4692 wrote to memory of 3668	4692	msedge.exe	54
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1576	4692	msedge.exe	86
PID 4692 wrote to memory of 1716	4692	msedge.exe	87
PID 4692 wrote to memory of 1716	4692	msedge.exe	87
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88
PID 4692 wrote to memory of 2872	4692	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a15bc3ec9450c1e11ed8c774b3fb4130.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe76a46f8,0x7ffbe76a4708,0x7ffbe76a4718
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9509335463616492828,7289117135141900786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9509335463616492828,7289117135141900786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,9509335463616492828,7289117135141900786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9509335463616492828,7289117135141900786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9509335463616492828,7289117135141900786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9509335463616492828,7289117135141900786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9509335463616492828,7289117135141900786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9509335463616492828,7289117135141900786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9509335463616492828,7289117135141900786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9509335463616492828,7289117135141900786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9509335463616492828,7289117135141900786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9509335463616492828,7289117135141900786,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91746379e314b064719e43e3422d0388

SHA1
65f1a2b5a93922d589142a6edf99b5b35d986dba

SHA256
0b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7

SHA512
a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccf8b7b618672b2da2775b890d06c7af

SHA1
83717bc0ff28b8775a1360ef02882be22e4a5263

SHA256
ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420

SHA512
eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
182B

MD5
21288b4d9c0c0113b527ea64b5388e34

SHA1
634686f9842986ab0a3419eda6aa8f70f9c388cc

SHA256
4c7d2bb7f631e4d60278030e90bba17d19e024ba27d9b3e980587f3525561788

SHA512
45cb5e6cac3cff3a39b3e7f14c3b7eca0003c69218d69a8426e7cb843ac87dcfcf5e8e2149da337265a8ad2aa9d899956686a7dc569875dfe33efbbc3ee50d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f501df440afbf1cd9d82512157554c66

SHA1
1c34854cf0ce234a7c826cd12051657025e609aa

SHA256
8d7d3dc379a139a500aa85d2e3edee0dd5d83f1ffca2657ae590f1edc3997861

SHA512
857dc79fee088c39a3bfd74732fa7cb2808d43d48a421664a5e30be6fb299a47fe6a8d617178755033434830535464d76afcedcc3e4fd76ad8b012968637c3c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44c795eea2922fac6adeac24129aae12

SHA1
2cd3229f2b8ab319a48107f84b4b19c3c8265cfb

SHA256
25727ac97f1d01ff0c26601085df2475917986dda22373b7bc8aee97fb7000bb

SHA512
1c70ef70c8804f69eaee7e0af9d5f8bab686606485c98876e0be07047922a89da53d0a636d661df22a0a6340ab49f4ae93b906879c6b97519e9a06576cfaa0f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c5ac6cd2c66a83ac51992d08c61a41f6

SHA1
3081ab8ecceed1ed0da6b01ea79ac22b05da4438

SHA256
64a24ce8cf21ae93e6fde32146a8317b6c021dc31536bee49a163860f0f2434c

SHA512
7658d1bb3f0f1595a0c4f371cb4430d91de15f695916b8b938c68eafffbc023cb8f7e233268eb32874203ad1bb0346cbb8f4136d564657983a0497d3e67bceb8

Download Submit