Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/02/2024, 15:28
Static task: static1
Behavioral task: behavioral1
  Sample: a42266b34f21998af93cefb0d0f55568.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: a42266b34f21998af93cefb0d0f55568.html
  Resource: win10v2004-20240221-en
General
Target: a42266b34f21998af93cefb0d0f55568.html
Size: 2KB
MD5: a42266b34f21998af93cefb0d0f55568
SHA1: 90b700fcd3616e39a2f51f20bf925701c3def8b2
SHA256: 677cc36103a20d7a11c4a83cc8d978e995d8354474fc92c2f428218bf083365f
SHA512: 0c9b46c291a64d7b2d5218dd1a111a07c9ea8801595b56c57bd0e87b4a9a9e6869fbb3413d5cf6d960aa76f7a0b62807125b04d1ecb6c07d41821645eef7f8ee
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / Process:
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid / Process:
  - 4792 msedge.exe (2 entries)
  - 4292 msedge.exe (2 entries)
  - 2620 identity_helper.exe (2 entries)
  - 3720 msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid / Process:
  - 4292 msedge.exe (all 6 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / Process:
  - 4292 msedge.exe (all 25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process:
  - 4292 msedge.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description / pid / Process / procid_target. All 64 entries have source PID 4292 (msedge.exe); the distinct target rows are:
  - PID 4292 wrote to memory of 4652 (msedge.exe, procid_target 75)
  - PID 4292 wrote to memory of 2300 (msedge.exe, procid_target 85)
  - PID 4292 wrote to memory of 4792 (msedge.exe, procid_target 87)
  - PID 4292 wrote to memory of 3064 (msedge.exe, procid_target 86)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42266b34f21998af93cefb0d0f55568.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 4292
  Child processes:
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa892846f8,0x7ffa89284708,0x7ffa89284718
      PID: 4652
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,9904767001493463736,16695210499671283486,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
      PID: 2300
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,9904767001493463736,16695210499671283486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
      PID: 3064
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,9904767001493463736,16695210499671283486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
      PID: 4792
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9904767001493463736,16695210499671283486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
      PID: 116
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9904767001493463736,16695210499671283486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
      PID: 1608
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,9904767001493463736,16695210499671283486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
      PID: 412
    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,9904767001493463736,16695210499671283486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
      PID: 2620
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9904767001493463736,16695210499671283486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
      PID: 3920
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9904767001493463736,16695210499671283486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
      PID: 1244
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9904767001493463736,16695210499671283486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
      PID: 3568
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,9904767001493463736,16695210499671283486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
      PID: 4020
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,9904767001493463736,16695210499671283486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses
      PID: 3720
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2112
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2004
Network
MITRE ATT&CK Enterprise v15
Downloads