7181cecfd8f730f9635a72cebf8f16e3589f2d179bd13d2f78ff8ac1ef7245d9

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa5182ed1338e9cbbd3f307c11f8b379.html
Size

35KB
MD5

aa5182ed1338e9cbbd3f307c11f8b379
SHA1

f44ede9f6c72866d24812b28c614e42c9d6d6e04
SHA256

7181cecfd8f730f9635a72cebf8f16e3589f2d179bd13d2f78ff8ac1ef7245d9
SHA512

d3d434fdd04bd05d8a863da5c4dfc69162eb7eedac3eefbb6ee983616a455596488371d095cb6ab0ed573ad852e7f15dde0480020a5bf7b20e8c433f79df5d24
SSDEEP

384:3tv0I1lHss6aIHvXfCImoFLRMiKPzBotckpc3G0aollBnYwAdLTdjMA2sdll1hRi:KpHvvCImoFLxKPzSueDToll5ulF2si

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
4480	msedge.exe
4480	msedge.exe
5068	identity_helper.exe
5068	identity_helper.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe
1140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 1516	4480	msedge.exe	32
PID 4480 wrote to memory of 1516	4480	msedge.exe	32
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2328	4480	msedge.exe	89
PID 4480 wrote to memory of 2924	4480	msedge.exe	88
PID 4480 wrote to memory of 2924	4480	msedge.exe	88
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90
PID 4480 wrote to memory of 456	4480	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aa5182ed1338e9cbbd3f307c11f8b379.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd40d46f8,0x7fffd40d4708,0x7fffd40d4718
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4156140099153397232,18051843616354747336,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\515a4cea-3693-43cb-827b-7514f1d8c307.tmp

Filesize
11KB

MD5
ed8cb03c832ca5ddbf753ff57730a086

SHA1
052d3d204ba6cb18e130eca9ad91af9115abbdd2

SHA256
7d0759c1b08165b31d4adc92f6e18136a18509af03d9b4bc356fe73c3c41c1a2

SHA512
8b1abd8748af4269f3764e03a9e816efeb76fd853b864871ae40b51e401ce80b9f24aac41fe21503e61618003e1622c48a01e1abde0f5710d7aa94e9205c6ce2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
947B

MD5
7c8b060fd6985ea58a7c90527350c785

SHA1
9e8b70c4f15519a172b87d209ee973500175ab16

SHA256
153ade3b7727c3307553c503c4950ae3af5ee017049cb00aa16ab021c92b3abb

SHA512
90f80e8ce24914f4e4e8f37c56b56da9148f6affac978d5005c4211337ac3f967bbc9eb2c879b93c57432eb7f12db75369d1f06aa0a6d8a4c3ecdf65a5c09ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2ff498a959837f3ba7700817ef86463

SHA1
d1a22594664772b64972fce19c8146da968f5c3d

SHA256
042608beeda7414abc05373b8771c1aff36bc2dd1f57d088e81ce23efc0c1a30

SHA512
ea558e836ebebed1844d2b0bb8a354cd473cd4ee6651c540da07dd1fdcabde2cbed33cb265f0ac344c7b3e1f272ccc5cd30889d708c594fd9e2c8322b97f275f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
26df0f234df6648ef71274ccf3239a16

SHA1
52fa22457bc6f0acd4214c27125b88a83399ba1e

SHA256
336ddece6f05fcfd4219313c186d4856a72af42445a521274d58e4046b8058bb

SHA512
822b9491431c4412ab105d8f86acc46221d9d9205b77dab5b24bbe5974b36425c7e37659ed073ba8b020cae81b2923c115c22d9b6296302c7dbdea6c86fb7435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b06093c76f0e7efba9def494cc602e9

SHA1
d658faffbaec3da6e7d666bc3d95da2e035438cc

SHA256
30508a039ab27649b6149be5dc6cd2da59dd87dae181cafe360fa38c695e6ce7

SHA512
279205fc3ed5dac1a25c2069d15cbef6138a88ca8a58c7d781664db71b0024f7b5e8aa8a78573c30b5ccac3c68aa536f3e17a1e79a1c2e58de274fe68dc79a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit