44dbf9abcb98c7cb90b0a0cacbdeadf58dd4b21ddb34c938475b96c232ba4561

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 08:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a15dc3fdf80f95634d100b716acd989f.html
Size

321KB
MD5

a15dc3fdf80f95634d100b716acd989f
SHA1

5d944b0de96d997d005641c87775c9a011332e19
SHA256

44dbf9abcb98c7cb90b0a0cacbdeadf58dd4b21ddb34c938475b96c232ba4561
SHA512

2bfb64344dc2b7616d8019fbaf566717c8ff8f77ef459dd95b01ea42dcc718fca2e1094d0e6a9c176382017e77055afc3efb8466bfafe20e330b871055948073
SSDEEP

3072:FHWjWcq2zZ9VjFjeWD4kGci+YaLb8w1DAk+c:FHWp1vDici+RblX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2444	msedge.exe
2444	msedge.exe
3732	identity_helper.exe
3732	identity_helper.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 1520	2448	msedge.exe	33
PID 2448 wrote to memory of 1520	2448	msedge.exe	33
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 4044	2448	msedge.exe	86
PID 2448 wrote to memory of 2444	2448	msedge.exe	87
PID 2448 wrote to memory of 2444	2448	msedge.exe	87
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88
PID 2448 wrote to memory of 1988	2448	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a15dc3fdf80f95634d100b716acd989f.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad15846f8,0x7ffad1584708,0x7ffad1584718
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4937602622967247178,14735536209213409439,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4937602622967247178,14735536209213409439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,4937602622967247178,14735536209213409439,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4937602622967247178,14735536209213409439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4937602622967247178,14735536209213409439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4937602622967247178,14735536209213409439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4937602622967247178,14735536209213409439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4937602622967247178,14735536209213409439,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4937602622967247178,14735536209213409439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4937602622967247178,14735536209213409439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4937602622967247178,14735536209213409439,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4937602622967247178,14735536209213409439,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4937602622967247178,14735536209213409439,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65a51c92c2d26dd2285bfd6ed6d4d196

SHA1
8b795f63db5306246cc7ae3441c7058a86e4d211

SHA256
bb69ea4c761c6299b0abbc78f3728f19b37454a0b4eb607680ed202f29b4bb01

SHA512
6156dd7cec9fee04971c9a4c2a5826ba1bb3ef8b6511f1cdf17968c8e5a18bc0135510c2bd05cc26f3e7ae71f6e50400cf7bec536b78d9fa37ede6547cfa17e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce1273b7d5888e76f37ce0c65671804c

SHA1
e11b606e9109b3ec15b42cf5ac1a6b9345973818

SHA256
eb1ba494db2fa795a4c59a63441bd4306bdb362998f555cadfe6abec5fd18b8c

SHA512
899d6735ff5e29a3a9ee7af471a9167967174e022b8b76745ce39d2235f1b59f3aa277cc52af446c16144cce1f6c24f86b039e2ca678a9adac224e4232e23086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
33e28c66093c6424d6ed1ad79f902421

SHA1
c429fdbd194b191099f90fcc9d279b7e5e9c27ff

SHA256
006f3dcbeaa90c6acc7d20816d839071463601bc6888211c415c56cc4305a68b

SHA512
c9c4b472b9348b15ff216174032ffb33195367cef99c5849c654d0a7abdcc9f9416f590a316b2b33bee4733a1e30f3e0136cfc3f91d4f984bfa8b7482c7ffac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
441a7ed4b3ae2a1f72fd14af848fa7dc

SHA1
050bd7e603f3f7d4b7df889d23543dd9f6d067d4

SHA256
3733aada636f7e8d23162f8e525f9790a821a15842d02e6beeff72c79df08bac

SHA512
5ed37e2bcf36ef2db8581f85403dd41eeb18f68cd3efdae0947711a1c6f7aa32c07deaf3d2feea9aecf1af6b7620268cd0ebf7a834e7bce927f8368a1d382c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c65071c2717eb676df65c805887017f6

SHA1
d0816432a82e16bfcbe6b81ddf3b9c809b7ca801

SHA256
2816dc8151950f8b54c0fe9eaddf788a67c9751f094032eb30b0082dcccd6326

SHA512
defbadc387183864bf3012ead5345597ad9655f1f80b1d21441f9e05792d5070549fdaabe9515d52a49647e58dec1c4d2025bd399f741c4e6cc672a94e96238e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b23df4e2b9496026d433a5e63492656c

SHA1
a1c69eeb887f2b4f15481e56edf3f3c1fee88df9

SHA256
89388bcddbc6a7bbce2946270810339aa3defae3731ce9202ad9819e8e3c5188

SHA512
6c6c84d533c3b5bbf4f2a317244b21ea62e3068fda54ccd22afa28a01d46c417cf29a4a6b5588544661c11b641cf455b41dfc0b6f65601d2be38f6576c20f13d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
04b7fa8868bf2c74b11e6a044991d5d4

SHA1
f4b2921b58701489fcc0840ca2b7a5914f7b01f1

SHA256
000cb12b8e2c25a95939e0ae65892826e7ba155de6510ccd0e00f88614f9ac2d

SHA512
0cab522b6c38af383801f2c826828e2f1700d5685bec6054102ce0d26306dea0d930537b451e0163e77aee1498330695ef1704e7c690b953491bcb68609c341d

Download Submit