e515f22d475ee77d566b64638adcbeb00dc6306f7b1e8e88d09c8af7f2789faf

Analysis

max time kernel
147s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a222927ecdbf60c58463c972739748ee.html
Size

53KB
MD5

a222927ecdbf60c58463c972739748ee
SHA1

8ceba51dedf9aea4224de0d3a7cddf0495fc6489
SHA256

e515f22d475ee77d566b64638adcbeb00dc6306f7b1e8e88d09c8af7f2789faf
SHA512

a0490a7e46d18e2764f3f82276af07830d24619b8d5f1288dab744867ac7f257c1b6f6e7b0df005c867f65879cd285a26208ec4dbeedf7d4f346536e077f11d8
SSDEEP

1536:CkgUiIakTqGivi+PyUTrunlY163Nj+q5VyvR0w2AzTICbbcoi/t9M/dNwIUTDmDM:CkgUiIakTqGivi+PyUTrunlY163Nj+ql

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
2032	msedge.exe
2032	msedge.exe
3620	identity_helper.exe
3620	identity_helper.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 3728	2032	msedge.exe	38
PID 2032 wrote to memory of 3728	2032	msedge.exe	38
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 2572	2032	msedge.exe	90
PID 2032 wrote to memory of 3864	2032	msedge.exe	91
PID 2032 wrote to memory of 3864	2032	msedge.exe	91
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92
PID 2032 wrote to memory of 4956	2032	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a222927ecdbf60c58463c972739748ee.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd515946f8,0x7ffd51594708,0x7ffd51594718
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10551485977086395209,12245790927176650176,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10551485977086395209,12245790927176650176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10551485977086395209,12245790927176650176,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10551485977086395209,12245790927176650176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10551485977086395209,12245790927176650176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10551485977086395209,12245790927176650176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10551485977086395209,12245790927176650176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10551485977086395209,12245790927176650176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10551485977086395209,12245790927176650176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10551485977086395209,12245790927176650176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10551485977086395209,12245790927176650176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10551485977086395209,12245790927176650176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10551485977086395209,12245790927176650176,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9cafa4c8eee7ab605ab279aafd19cc14

SHA1
e362e5d37d1a79e7b4a8642b068934e4571a55f1

SHA256
d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166

SHA512
eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
402B

MD5
0d6a3df1a8fd697fd15c35f3b27d9958

SHA1
aa3146a535812d4e2403ed83b3cb291921b759de

SHA256
b0a1b09f473d143ed161c49fc49d48697d08e22441cdc504e0991ad058ae8ba7

SHA512
04c0db36f5c80e712fa733b83778f7331e10e0c767c7834193e413546b004cbfa7594498c358bcd6a72306dd968cb2988b069d59d216ae55bc6e0e0181f22703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
503c56297396162a4fd01de65a4f1d1f

SHA1
d262bf361f0499414f60412d6a57e1a66b4408f1

SHA256
2188a891a889f08e44d18dc743e6c72f07cebff8e1b67b25dd5595ad6b71b39f

SHA512
7980c4da45bcb6f48d9636731520afaefe3c37c79222ac71e921043f902a26ebbfb4df9e6fcf4ca96cee22f3c80a1b23b1917265801dc57d06671762fb1b638b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab44c847a6300cda23a1df21f851c55a

SHA1
0d707e7fa198b0dd2fa2ae9a85c3e53fdca38798

SHA256
76dcf7aa5a4f35724030da19d9f7045931c72914e15178fcc232518d9a2f2888

SHA512
c9f4a90d643c1df57a3bb5ee483faff286c7e5b32581bcd30f55f956408b394505367a5f69608538cab231e95621a09a1e3bb0b64073c94db88bc3d91eb9d6ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5ab5dbb50e60f7126c3bea54673fb6e4

SHA1
5844e63c09f0001064f777f6ee1a49e9a0025985

SHA256
f3183656ef1142b70252775dc1c7c16d718512281be54862523b18f4264b05e2

SHA512
9de2abd4bf4d34ab5619810232a1bf79da15de667480054d7c5c167a8404e3697268d8cf1e2c31b838dcc121e2f3db5fe696386e7d56f264862c17131960c988

Download Submit