ea85a1f16139a399eb077abbcea6a47a522ccb63671fab5b017950a1331ec1a7

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 09:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1886bc04f6e41e0976a1bffe42e2938.html
Size

66KB
MD5

a1886bc04f6e41e0976a1bffe42e2938
SHA1

635b3e2223eeb596ed3047177710887c89b03225
SHA256

ea85a1f16139a399eb077abbcea6a47a522ccb63671fab5b017950a1331ec1a7
SHA512

c4680cb69df182f10ea3c6f40900eacf304cbd1eeda07e785e6cebf4ae4060390fcae6a8d0d0cc66d9969e4275aaa034ca834ee1f32a257248333f5c05fb3dbb
SSDEEP

1536:/3UVGUExdzsmKeTn1FXt8U9NjkKJ9CmEIsYZCzE8I6l7C:yydzsWD1FXt8KNYKJc2sYZCzE8I6l+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2000	msedge.exe
2000	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1088	2000	msedge.exe	15
PID 2000 wrote to memory of 1088	2000	msedge.exe	15
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 3860	2000	msedge.exe	87
PID 2000 wrote to memory of 2332	2000	msedge.exe	88
PID 2000 wrote to memory of 2332	2000	msedge.exe	88
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89
PID 2000 wrote to memory of 1840	2000	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1886bc04f6e41e0976a1bffe42e2938.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9735f46f8,0x7ff9735f4708,0x7ff9735f4718
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,15613596542637508301,1983691306213017006,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,15613596542637508301,1983691306213017006,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,15613596542637508301,1983691306213017006,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15613596542637508301,1983691306213017006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15613596542637508301,1983691306213017006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15613596542637508301,1983691306213017006,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,15613596542637508301,1983691306213017006,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e189354a800c436e6cec7c07e6c0feea

SHA1
5c84fbda33c9276736ff3cb01d30ff34b032f781

SHA256
826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427

SHA512
ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9e3e150cfe464e9ebf0a6db1aa5e7a2

SHA1
3cb184e2781c07ac000661bf82e3857a83601813

SHA256
2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc

SHA512
f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
e169c68b08c2d9b63975fdb4bd691cfe

SHA1
f4f98fdd1dbfee68ab5fa9c3249a88313519fa93

SHA256
8274ade075a423ac8eb5f946ec57e9d170200dee03621fc36adcc563631fdde8

SHA512
a53c29890eafb9c23ac83b4b114b0e5b1f4af8d88fa38599688a0bd92dcbe95c3a470ae6e1ea3aeeb97782aeaa7fa81f0f74151068e1b4e4d7e05bb3a321e28f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9cd493dbee9010767732645d0f1863be

SHA1
10c508711d082b34f8d3da5690eb1fc469cba794

SHA256
7099a0910e4d47f846483840d99c0066e6aef11becb241b58cc8f4932904222e

SHA512
5df920e8691d9791070d418380116bf7286b6906c1539aeff8804bb737b5310838a0f58d23ab49d600511119bbc0085cd8e053e8b0f5c9a638c460fec8f1e261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f46c91ee30fd6561ff3af858015c8130

SHA1
e307e341caeca34c036c40988dfdf20aeef1a2e0

SHA256
e9212f9bd7454693b3cccc28f9212d4b242e769d24682c344f1e4b2ce10fbde9

SHA512
2abcc0d502b6db2820225db3318a0c11265bf56fd415501cf1fa414a8096cd3f8723bac2774b809c426ebf71e90193a6f4535c1e78bdffb995443f1e99c9096b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9485e63701ff4dbfb6b1f15ffe4d8776

SHA1
ca9372de4c294208ee6235ed9d253dc2a7df1c22

SHA256
a82fc94621886fae95922ad902b31a29ef539569f4d2bfafa7a55b474d4ce797

SHA512
0e85e973fa997b0cc809db9fa853e90b6b458fc2668f39f22968929679fdb7b588f1cbfc5b949f118437fc4de7b9c27c323d60be4510041ff6e1943c76144168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd701c5e98d762fca1545919090b8b5b

SHA1
072e67f815c3bce1fcf2a29d0a61c9893a33ada0

SHA256
0b532edbe31f9ff5cf9665f8634335cff96dff94e1bf00eab04673a967ec02bd

SHA512
ad7b4cd127c4a4eab99e137065c4b7ee1b2dd7bded815f49c332e19ff2c801300616e18cc2c82800156c0abc5aa0eb41fdf6c18ff08e69e672ac8f5678c95a99

Download Submit