1122756d9e0a6ef6dc86ca200d6dd39c83af2361042d68dec0f3be4e0d1bedb4

Analysis

max time kernel
145s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 08:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

boutique-floor/css/style.html
Size

1KB
MD5

acd913f22b3ccbbca632bd32684196e1
SHA1

3af94a8b34e85953a2e08f9549e262f1c18725ff
SHA256

82a756488df9eface51a30cca9c0b1367052899805ad647a1d6d5f2ae98d1e67
SHA512

3ce64613db65ddc3bfcd880aa0522ff931bd8405a1f90d072d14036100c14b280df9bc0de797cb43ce0eb14d71b5ede4cc0a004ad201c0ab2359cb2e1d3364f1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3920	msedge.exe
3920	msedge.exe
4116	msedge.exe
4116	msedge.exe
3524	identity_helper.exe
3524	identity_helper.exe
3340	msedge.exe
3340	msedge.exe
3340	msedge.exe
3340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe
4116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 2648	4116	msedge.exe	74
PID 4116 wrote to memory of 2648	4116	msedge.exe	74
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 2044	4116	msedge.exe	89
PID 4116 wrote to memory of 3920	4116	msedge.exe	87
PID 4116 wrote to memory of 3920	4116	msedge.exe	87
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88
PID 4116 wrote to memory of 1068	4116	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\boutique-floor\css\style.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6a6b46f8,0x7ffa6a6b4708,0x7ffa6a6b4718
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6898158807370259137,14402021370108203268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6898158807370259137,14402021370108203268,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6898158807370259137,14402021370108203268,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6898158807370259137,14402021370108203268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6898158807370259137,14402021370108203268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6898158807370259137,14402021370108203268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6898158807370259137,14402021370108203268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6898158807370259137,14402021370108203268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6898158807370259137,14402021370108203268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6898158807370259137,14402021370108203268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6898158807370259137,14402021370108203268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6898158807370259137,14402021370108203268,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e189354a800c436e6cec7c07e6c0feea

SHA1
5c84fbda33c9276736ff3cb01d30ff34b032f781

SHA256
826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427

SHA512
ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9e3e150cfe464e9ebf0a6db1aa5e7a2

SHA1
3cb184e2781c07ac000661bf82e3857a83601813

SHA256
2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc

SHA512
f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3bfafea5ebfe33120b38accd4984125

SHA1
db7509f254029c5b4bca76e3847b32e75ec3ffae

SHA256
cda748e0b7730cb9948e2dc5c8b76fb92dbe469320e72171d2408ed634284319

SHA512
92289ff85358b35d7194258d2b06873974a212d8ce93aa59c0ae03a96de458d1043a990b43044b7276c1a2a8cbf9a27cd7909eb2452f1d0cc100f2b12d064ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0efcdbb8307cc2690203f3b7660acd5

SHA1
2b4f3342bdc90e36417a8dc977f0e0573b036170

SHA256
7223f760c4c1cd7ffd0f4aeab8960e7b0f650c01f1fe72bd41bba6b2697a440a

SHA512
96ecb36b41af0a8ba3033b63e2c3dfd9ffc4e9df13caf4acc648dcddfcfe68977661fb2e1832ff077085e972cf793c1d7f69c5d261758cc2f1c82223487e6e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
94e8432c477dd6a1e81b5aabdddc2b86

SHA1
20d1fcb7958f8445e1c3b0cc5bbb7b203ad4648a

SHA256
194fe7cf16ada1a539407fd558495c9d539a5bfca47b0a5bd878c8df481abc34

SHA512
c59f4b0e77ab8ac016a37fffe198171f2fd58ccbe37a78613d1138274153657a50fb6bbd7cfe01629fa1de956bc02d8cc4768ac80c5f26647912a4da8898ba95

Download Submit