d89d40b0075a95f5cbf0c09cf2d79d09e5d656f19a20107acf97207f5f6e7468

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 15:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a984da1c0a13fe1c1ac0df0eb255d4f0.html
Size

44KB
MD5

a984da1c0a13fe1c1ac0df0eb255d4f0
SHA1

fb334bddb47e8ff138b4630b86c699efa2b6b199
SHA256

d89d40b0075a95f5cbf0c09cf2d79d09e5d656f19a20107acf97207f5f6e7468
SHA512

a554729248874e17097945c5e730d854e4d93978d3538e0cd7d8a456de293fddb25c1f2eee1f9200b94689a3bfa3635d0557079c30c09f9ae1194613f89eff30
SSDEEP

768:EcIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SZw/:ZIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
768	msedge.exe
768	msedge.exe
3176	identity_helper.exe
3176	identity_helper.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 716	768	msedge.exe	66
PID 768 wrote to memory of 716	768	msedge.exe	66
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 1356	768	msedge.exe	89
PID 768 wrote to memory of 4912	768	msedge.exe	90
PID 768 wrote to memory of 4912	768	msedge.exe	90
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91
PID 768 wrote to memory of 4720	768	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a984da1c0a13fe1c1ac0df0eb255d4f0.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff513146f8,0x7fff51314708,0x7fff51314718
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,10579279623126623874,321228741645653367,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,10579279623126623874,321228741645653367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,10579279623126623874,321228741645653367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10579279623126623874,321228741645653367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10579279623126623874,321228741645653367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,10579279623126623874,321228741645653367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,10579279623126623874,321228741645653367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10579279623126623874,321228741645653367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10579279623126623874,321228741645653367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10579279623126623874,321228741645653367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10579279623126623874,321228741645653367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,10579279623126623874,321228741645653367,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
308B

MD5
17615bca29a8081000b04df872a132f0

SHA1
6ebbeb754de2f9cdcf48fd6a6fb87a63e98e9e4c

SHA256
49e822db1dabdcbb58548687ec5074bc9bd1a2dd273280a70dd3c3c8845f3d53

SHA512
d46717763c0da75896108c982fdd495ed392e02607771e9d6000545683d6ff3f0f36ba49554099cab47f2706b91e75c7a183ac8defe65a544d9e10cf8f690040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b4a6f9cc57d13e9f8a067aae3150823

SHA1
2df02a8a0469a4511dade20337d2410beb796005

SHA256
c60c56b08bc82c72012dc594eb7cd8937e6ef8af0f1ce67d3d7d3c85108e35d1

SHA512
51f91ecc576ea4ec29dccafcea965540d77d058167c3dc44b1fa97d805e157a2a497f65255858b75092cd129f36b65862d1d82ac7840ee532593f2c8bdf52e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
579a1a239c10f2bc5b88634a1d1399d4

SHA1
b6de63f37b3996aa8277c977b70671f99c51c391

SHA256
07adbd7116399cd873e2598bd26a24c63772197172b7adac47662a8b2073204b

SHA512
db7a4bb63c5a710e0db9c58854458d5ccd40f2d58336e1068a72efdffd34f8d0929cfcad22d71e2ae22731b8b92362621250a40aa46d293da5359424c69a5a8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cabeb140810bdee18af2250361305aac

SHA1
85e6f88057ffb96c229f38d4c7b1ae27e6592ffb

SHA256
d74d392281fe147b8d7837afd20df507732454abe5b9a0ea0c9416a00c33d051

SHA512
d32a825d2b53edc098eb9321a349f30f3b0a4515e1f8b2e965f70bfcf11617d03ef7897adcbeb1730cbf461301256ae763d43b480844d1482a5c308fa6236c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ed9b7350637dd0eda3ca05a35320a530

SHA1
0e91d76d6a6a05e14b33371275c27e9b0e968105

SHA256
589f3d1ad64cb858ff883e8aacd2ebc7a82bdf3a45c6084239ab891c26ae9a0f

SHA512
3acb11aec1dd87b5a7cf8abea47a04893fd96d272843ef627093f181e0c55eb54f2c2d14e12f988cea52c0449d0b4649a6d9a3c78ffe39abe4d32808904e6487

Download Submit