abc256a54944ce94d6f1be060b6171f8737250a80d82d78156d913051b5201b5

Analysis

max time kernel
181s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a38086316f57c95c0fdbdf5a5cdb5ec3.html
Size

3.5MB
MD5

a38086316f57c95c0fdbdf5a5cdb5ec3
SHA1

1f99b0166e596c0934d121bdc45f280890d36245
SHA256

abc256a54944ce94d6f1be060b6171f8737250a80d82d78156d913051b5201b5
SHA512

e92f56e7c254a936ce9996eae0f1633b579e0ac38ea07369d8b765d064a7164b193d61ac9d0e3603f2a2837e0afcba97451115c1893bb91fc31a348ea637c161
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NS2:jvpjte4tT642

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
264	msedge.exe
264	msedge.exe
2640	identity_helper.exe
2640	identity_helper.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 264 wrote to memory of 2280	264	msedge.exe	85
PID 264 wrote to memory of 2280	264	msedge.exe	85
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4016	264	msedge.exe	90
PID 264 wrote to memory of 4200	264	msedge.exe	89
PID 264 wrote to memory of 4200	264	msedge.exe	89
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92
PID 264 wrote to memory of 1872	264	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a38086316f57c95c0fdbdf5a5cdb5ec3.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9c2846f8,0x7ffd9c284708,0x7ffd9c284718
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3032 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2920 /prefetch:1
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9483707894043583265,1948413834615416225,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2608 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4db60c9bb06ea5452df26771fa873ac

SHA1
c118183a1315a285606f81da05fc19367a2cdfe1

SHA256
f168242e74bfde18bacb9e18945a39bb447188eba916c7adf0f342ed8d82281e

SHA512
180ed98f9d5a14a22687a099c4a0ba6b586610f7b8b4c8de89f3b91713b07a2ef3726fcd318cb4e270b1745213b898037d29cca4b490d0c91833b797d69ac406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5b0bf4edca2187f7715ddd49777a1b2

SHA1
eb78099013d0894a11c48d496f48973585f0c7c0

SHA256
562016f9159ef363fcbe62ed13ee26052b31d4f67dc5ea6d60864a7d5dfa50a1

SHA512
1039b98cffd32ca4c9e37486b96e01b167d76b19dd8440a21da4932d677c463f4c5ce2260239e8337f59bd61ff3111905e23ab71d3ca5b20e7d2935fea7952c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
981B

MD5
e63154b268f331b54cc2a5f75e4aa57b

SHA1
6660407bfecf324fbeaee2cf917be753547ed821

SHA256
f8098dd5b034be638bd2b7a26dfc11e2139c1a7ff2f4719f685005255209262d

SHA512
5cdf17cb93fa91067b9a09f73a2be062a9242daad55f44236562a15d5090a7799bcda670076382712af2009389326d332394c59976529538b40076cf9f41ce1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ef3a59aef9463ed88d88b77750781e8

SHA1
72b68d3a4d93418bd5b49cb7cc4c8e86e8ae5748

SHA256
ec2877f65d36981414d51ebc73b3923fd624deb6484162491ee4f93710fb50ba

SHA512
f4fd8caeb5d0a7a0cb37c074fb84f41f19b76711a01d06a6a048c7e896d2e35981756698415f32d085dc4ffc047fe940a5c5a39e5b3af427f1d7648e74c5e9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d9ccd25b6682facf82e3561b8eb1c169

SHA1
e7188be2ecab814b67e6b1d22dcddaa4c0563955

SHA256
cae84c16da6ab5ae6c6ad97eda3ae29bed94f4094904d64b7a91e4695174f405

SHA512
4b487ed162ce975f8adc63f33e0365b30a190bb91a93f1c8bb660dcf9a34523a34bf0720eed2ef7e8293b09172f80fd3fdfa12945a7ee8142d59f212f9a3c9c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a498347923eaf957151fb36b6bacae7

SHA1
812ba869aaaac8cba27d2b280b04296bd6d1f947

SHA256
218552cb4ba37cf6533d88e76dcadbad4add16c142f1cf7c2c4bc43207f4fe51

SHA512
90fe7fec890d37ee76b6998c3d72daf1a678f3a2f40d80f77e46dedf5a01b7e142311861e1dfd1dca64a467bff943931e090254c6b9ea66a7f21c357b06a8452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d7ddbd5fe27efcc52ed160093b9bb6ae

SHA1
77fb2e2d0614005c9cbfc35686dda4a2630b27f2

SHA256
91cc27e68ba0e0d5ab0e5e49445475129155b7a151c4118d0295a01e2aca77ee

SHA512
8d8915fbcc22029dbb4e66e18f506c03d01ddbb41321cdaca0f5cfd760c2b43046f69678d5ac5f1883b53cf2ff2a27e776d5d3855d98d2938f3b44795cc3789b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
027f58bb91281e0924fc72d876cf7743

SHA1
4fc1af29399ad77d1bad281861a71ea8c0543ef6

SHA256
9d931d69d33c233ad14a309a932dae0696e4a640a4e9c4bd800842bb8267f2da

SHA512
76266bcb2126a9d718dc92e41dff68628d50913c8c0b8fd449238f0cd536c2d8fb3365796e72b1740f88afa80469c7eab912e95a70afffd08c6ce85e596346f0

Download Submit