f1f063601593952c872ed17f56c82e66cd746f4aed06c50c82c1820ec9d291a0

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 21:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa36bf2ccc41a27eff78098937f4fad1.html
Size

42KB
MD5

aa36bf2ccc41a27eff78098937f4fad1
SHA1

1c17e4d97c0accb7f9179d783d84c6984e2db763
SHA256

f1f063601593952c872ed17f56c82e66cd746f4aed06c50c82c1820ec9d291a0
SHA512

d0a4a29cbcc43345e286ba6198822394ade77dbcb0d4258f737d23c1a857ee3f877d7674e8812cc494bff1a7474b1d26f9b8c3ae67e81dee2a159998142958d6
SSDEEP

768:YuIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SZWK:/IRIOITIwIgIiKZgNDfIwIGI5IVJ7Sqi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4848	msedge.exe
4848	msedge.exe
2548	msedge.exe
2548	msedge.exe
3348	identity_helper.exe
3348	identity_helper.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe
2616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2328	2548	msedge.exe	24
PID 2548 wrote to memory of 2328	2548	msedge.exe	24
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 3320	2548	msedge.exe	86
PID 2548 wrote to memory of 4848	2548	msedge.exe	87
PID 2548 wrote to memory of 4848	2548	msedge.exe	87
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88
PID 2548 wrote to memory of 2816	2548	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aa36bf2ccc41a27eff78098937f4fad1.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc40c746f8,0x7ffc40c74708,0x7ffc40c74718
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13286409467039818641,12388504029838560189,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
308B

MD5
0100acc40db8130a6768b36cafa3a731

SHA1
8e728373f956078b493a2e2c95b448f54b5d13e3

SHA256
cd2678d1554ae7afd0a9568b6bf3438c8c57aca07c851dd34907be38b0ec52c4

SHA512
f7852790e4f8d581cd668dd21f65a78004968514691aa993808125508c5e02f31b22bd6e881156ce50b21ad0361f6e18cefbfc4b3f209b132c8641b97b9e5383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e0dda8599a02b3e21dd1afde9232c11

SHA1
78a0260b699ba4a5b1a89485120c6562653694b4

SHA256
a1de02717debd0d509a88b0d17e9cb2b6953f5f6bf47b251ed8adc2c82b6ed37

SHA512
6dccf7190c1723c3310f140243d682b03cca555d3c4cf3b8668441674c5319ddaab6463845d947edc8187dc13afd8dee25391ea475567d41d56f485ded98844c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e6b914c69092f314d8dea2f7889bfe9

SHA1
931c59412b68efe02e99e17e27e070496aa04199

SHA256
c8ce0eb338f6402206501dc7d36cd6537533b52d8559a3a20312eee246a876d3

SHA512
377adff1e32a25eabc96974a5289cc76837b4aa21df31ee836f558016fd623d950356b44980ab16ded04e9364951c2891f37b516073b215f85cd454ead31ead4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7aefbb39876060a5d10985c0a6d79ae9

SHA1
d4cdc22f858b1e15daf50d1fc2ed3f874db6b524

SHA256
e63d034f30f8f878dabc7c28f8758ccd1269ad93493d0aeded3e2868a9c7a5d1

SHA512
b7aea6c2e0b91323047d50dafff0750c6dbdb3470115931076a9ab02cdbe29b9e88412a12552397ac2462fca9506d8218d2015a9d48826fdb5586792c3e1b16e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
959353abe0b6f054f12444d41e5f9b40

SHA1
588c54f6553419ba6351bb30b7663442c3449046

SHA256
2117ab269bed76d64964a042762ec010ead6df3a8248d2e2f7d62e9ab8fcd8fd

SHA512
40f8a175c4d804c9a37634255de13bb4c48a32be9fbb3b745222522024811d5279098536d53894276e17cdbcdf3164ee19ca77d6d5535f4e5056eb123e61bdff

Download Submit