Analysis
max time kernel: 155s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/02/2024, 10:50
Static task: static1
Behavioral task: behavioral1
  Sample: a1ae2e6b159c5562befc388895422d35.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a1ae2e6b159c5562befc388895422d35.html
  Resource: win10v2004-20240221-en
General
Target: a1ae2e6b159c5562befc388895422d35.html
Size: 2KB
MD5: a1ae2e6b159c5562befc388895422d35
SHA1: 86505df0d743b304589928f4a71d939c5189bbbd
SHA256: 110311ec0de2a48ecee42043ccc973c42afcb86588be77a64e1fd204c249a95a
SHA512: afffbd6ecbb920c8cf9d1ad760b1e1fbadc18a66bfae9f49453e9aa55049be33a628a82c8335ec11eecb2220b7abaa760c9fdc4b829db4dd6389d49ff44012e7
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process
  2264  msedge.exe (x2)
  4984  msedge.exe (x2)
  1552  identity_helper.exe (x2)
  1564  msedge.exe (x4)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  pid   process
  4984  msedge.exe (x11)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  4984  msedge.exe (x25)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  4984  msedge.exe (x24)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target
  PID 4984 wrote to memory of 3580  4984  msedge.exe  87  (x2)
  PID 4984 wrote to memory of 5056  4984  msedge.exe  88  (x40)
  PID 4984 wrote to memory of 2264  4984  msedge.exe  89  (x2)
  PID 4984 wrote to memory of 2348  4984  msedge.exe  90  (x20)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1ae2e6b159c5562befc388895422d35.html
  PID: 4984
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6cfa46f8,0x7ffd6cfa4708,0x7ffd6cfa4718
    PID: 3580
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    PID: 5056
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2780 /prefetch:3
    PID: 2264
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
    PID: 2348
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    PID: 4396
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
    PID: 1804
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
    PID: 776
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
    PID: 1972
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
    PID: 1276
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
    PID: 3772
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
    PID: 1552
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
    PID: 3264
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
    PID: 3480
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
    PID: 3540
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
    PID: 4804
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
    PID: 3200
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
    PID: 4432
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2364480867696449897,8037653012606065309,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3156 /prefetch:2
    PID: 1564
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2540
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2544
Network
MITRE ATT&CK Enterprise v15
Downloads