f2bff005ae1326a2e575b39c8949fb138ca729fd30414774a4019560c2f5b8cd

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3528a84effac35feb930020da1d205c.html
Size

15KB
MD5

a3528a84effac35feb930020da1d205c
SHA1

1bdaf73bbd994f297c2ade577dbed29ba1537336
SHA256

f2bff005ae1326a2e575b39c8949fb138ca729fd30414774a4019560c2f5b8cd
SHA512

e2c0087768ad074ede282f5b00bb5947c31930a091b392a18bd26ff3c7c19d2d23ef268d53b1b69842f486bf26fdbf7c8f03c7666c3ce0a004647e196764cd62
SSDEEP

384:ln8uqnGDnW0qngBTlRTBxQL/3ueONRYVPZs8S7YRyu943XF9KxOcfLmZqtYeyGFL:ln8vGDnwG0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
432	msedge.exe
432	msedge.exe
3396	identity_helper.exe
3396	identity_helper.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 4540	432	msedge.exe	50
PID 432 wrote to memory of 4540	432	msedge.exe	50
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 2308	432	msedge.exe	91
PID 432 wrote to memory of 4572	432	msedge.exe	89
PID 432 wrote to memory of 4572	432	msedge.exe	89
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90
PID 432 wrote to memory of 3480	432	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3528a84effac35feb930020da1d205c.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92ca746f8,0x7ff92ca74708,0x7ff92ca74718
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4898668806453916381,6888433531504891325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4898668806453916381,6888433531504891325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4898668806453916381,6888433531504891325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4898668806453916381,6888433531504891325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4898668806453916381,6888433531504891325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4898668806453916381,6888433531504891325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4898668806453916381,6888433531504891325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4898668806453916381,6888433531504891325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4898668806453916381,6888433531504891325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4898668806453916381,6888433531504891325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4898668806453916381,6888433531504891325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4898668806453916381,6888433531504891325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4898668806453916381,6888433531504891325,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2592 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e189354a800c436e6cec7c07e6c0feea

SHA1
5c84fbda33c9276736ff3cb01d30ff34b032f781

SHA256
826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427

SHA512
ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9e3e150cfe464e9ebf0a6db1aa5e7a2

SHA1
3cb184e2781c07ac000661bf82e3857a83601813

SHA256
2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc

SHA512
f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
276B

MD5
63e94862b42530f86676ad4d8dad984d

SHA1
3fd2230f79711e641c7d8bc1fc8f6d671319aec8

SHA256
02bd271fbf1d8f8cfeb229ec24d7bfb1c261116853c2e66a3f5d0b3536f59a25

SHA512
8f57ba1d96f3a97a7867f7eb43efd22baea3a78766fd88e87affcbc1e2e1699de833cbe9d78d22fa784ebf9602bd2006ee315ea13aebbcb79b56ec137c7a5aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
153f037ef7b92201646f4dde7368f1f7

SHA1
82f2165cbe37a4c75633c5e08ba33b25543d06ca

SHA256
acc27781878d005a11361ff771e91e28974b96a40923535943543836104e3c64

SHA512
0acbf41e8d5005584713d93f95fb68654c07fb2c3e6eec30de9e6fe3532d9c0c98bf44f4cd5b0c06ad5899fb2b4847e43e42a385a93426e7f7655453ec3e2dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eebe82dd93b26c825e9ef60e9afa974e

SHA1
2595602d2df0221752c1344fc390332349f7f49e

SHA256
efbe778b4b48bad5f594d97912e358dcb4ad17458f82528e93340b8cd2b9dcc4

SHA512
8cc5afb97dd1925bd2928df347ceffffe67ee2c4cb00a759eef6ef54ad32db8ccb1f13be433d088e3a4ebf43858fa4f8d563081475d9d16c8f2b25b99b7c3929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
86d4235315a0421b3bb176796f110b4e

SHA1
b115bdb61260840cb643cd90c6013f9020a8148d

SHA256
f598f696ffa35ffe75536587455375ec2b3001a45626b62ddb17eadbb2725f7c

SHA512
436ea1f6a5cdcf11a85687a0c075e0b7da204308c4c977b2156be12c7a437d94453f5d0d0abb4b086057533fdca1b60dda25e1e3903530c1b8290b96667284c8

Download Submit