a7844d758e6b5652f5adceac22346b6bd57089fc88cc4857a98bc6d8e69494a4

Analysis

max time kernel
147s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 21:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a2c0a2a0272a451d8e8d076ff5dc4b8a.html
Size

948B
MD5

a2c0a2a0272a451d8e8d076ff5dc4b8a
SHA1

1d7e61133702dd9407720609f89993b07713f44c
SHA256

a7844d758e6b5652f5adceac22346b6bd57089fc88cc4857a98bc6d8e69494a4
SHA512

c435daa66d9b12bdaa587c6fa10a06ee19b2a4d2a4d98252549782a729af57d2f81830897d1e4798d2b4684b767fbe5336417c38008f219d21036fb7a786fc60

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
1004	msedge.exe
1004	msedge.exe
644	identity_helper.exe
644	identity_helper.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1004 wrote to memory of 4548	1004	msedge.exe	85
PID 1004 wrote to memory of 4548	1004	msedge.exe	85
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 4308	1004	msedge.exe	87
PID 1004 wrote to memory of 372	1004	msedge.exe	86
PID 1004 wrote to memory of 372	1004	msedge.exe	86
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88
PID 1004 wrote to memory of 1544	1004	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2c0a2a0272a451d8e8d076ff5dc4b8a.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3d8246f8,0x7fff3d824708,0x7fff3d824718
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6956613073408243475,16919184024066508801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6956613073408243475,16919184024066508801,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6956613073408243475,16919184024066508801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6956613073408243475,16919184024066508801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6956613073408243475,16919184024066508801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6956613073408243475,16919184024066508801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6956613073408243475,16919184024066508801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6956613073408243475,16919184024066508801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6956613073408243475,16919184024066508801,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6956613073408243475,16919184024066508801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6956613073408243475,16919184024066508801,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6956613073408243475,16919184024066508801,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5276 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
360dd5debf8bf7b89c4d88d29e38446c

SHA1
65afff8c78aeb12c577a523cb77cd58d401b0f82

SHA256
3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef

SHA512
0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fbbaffc5a50295d007ab405b0885ab5

SHA1
518e87df81db1dded184c3e4e3f129cca15baba1

SHA256
b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6

SHA512
011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36d1b981be8e63b75aac2f9dedb18bf6

SHA1
a3a7dd69a874684c595b83efbb02d10b34fc9dd0

SHA256
6356ef31a3f5b4485cf2d7b340e2b641b817d9b93500b86c1ede4b2e64e65101

SHA512
2b3c856770fc780e13065b48280a2a38063a11fc94d25deb7eb39498e13c73794dbec83a4e6adba718c2cdc7c559078c01e50162546b12d5a2f8a02458138c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e68c2abad0aaf53ddc6e19e66dba13a

SHA1
e39c82fa9cd3b07ccabd642604298ca5c874155f

SHA256
4e08e5d99577ed5691030be812a20ce59edfd5a0f3e7d0c123b159171767884c

SHA512
66a064563d713a94a53ae0097dbd5dce5c376619d02ed12a27e77bfcfedd62229a58b1733965f243a0ba2fbf8e81f4c393e9d44fce137e278aa2230191d47556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aa9ba9743ed246a39fa82e4b58d2f1bc

SHA1
49aa2d78e0b508cb83a32b924d7854cf69b4865c

SHA256
64aba7074ff5cef99b663a594313b38849a1b12491c711c9a9f8a0263fe52cb2

SHA512
ea0e1bd6cd3616c45c44f912274de507f20ecff8aaf62e0aeb632946d545d71d96788a7cbbed298e7455cb2ec6aec5f8aab5a4e56c8a6b7799217fbc62dfd85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
66f5b14ee1858f574671e601805b19f8

SHA1
221112e1b14b21ab6483501efa4f991bf1fa7a56

SHA256
306dcc4df2efc764ce794a5b0ddae5af9006a401b309a212d47affb75e8c1745

SHA512
0aaaf134ed434d9db0f72123d90fad4e8f8d57d64482343c85404b0ce38fbc027dac3fa3c9982f0eb100ce17a348cad37b855a0ca0c2e5e87e2a2f9f219ada78

Download Submit