Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
27/02/2024, 21:14
General
-
Target
aa2bc5bc4f6330a079ee2389d6c38c63.html
-
Size
89KB
-
MD5
aa2bc5bc4f6330a079ee2389d6c38c63
-
SHA1
ad48664c39e5fe146e8b655c69217fb562ec51d3
-
SHA256
b29e13563b461dab6bfbacd25db94f31e02e007e1752c9e14e428aade62193a5
-
SHA512
1e7e6028483e6c7d2916f1ddc9d68d5c60d9a1b4f5dad3b81623731d43f0929646f85bf38c0065ad46b580996c656298ca7c0a71e3b422381f66331853081431
-
SSDEEP
1536:AAoAscxaEHDjPkFRJ8Dctvz7TGuRGHD65Mgyx/uIdQGd0wAhrquEauKpmWgX+jt7:wAscxaEnkFRJ8DcJNGuagyx/uKQvwAhP
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aa2bc5bc4f6330a079ee2389d6c38c63.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe08dc46f8,0x7ffe08dc4708,0x7ffe08dc47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,18176613807319139244,4509522394237454942,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4668 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD547b2c6613360b818825d076d14c051f7
SHA17df7304568313a06540f490bf3305cb89bc03e5c
SHA25647a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac
SHA51208d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac
-
Filesize
152B
MD5e0811105475d528ab174dfdb69f935f3
SHA1dd9689f0f70a07b4e6fb29607e42d2d5faf1f516
SHA256c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c
SHA5128374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852
-
Filesize
22KB
MD514734a8bb0bbf70e4c2baa3d73adc7ec
SHA1b3a16d617c95fd8da1af3215867abdd80a23a708
SHA25656ad32c2be9235dfe4a5653351f1121c4373fb48147d91bbb9397b65d5bf0bb5
SHA512aaed10d4b91749bda93e69b4188c93d4fc89cc9e05b4ea5bdd8363cea53a3d1904f0080f23826edf35f18fe4bdd51a86c04a5a43b7e5f5aaf1568ed17e3a0d78
-
Filesize
216B
MD5002f90377c4389ab547e9b43936ed66d
SHA117a9eee5e63d2b02d7381dec0b6269b702cfd6d1
SHA256d806d897c384c72aa1803f0fe6d25d585ce5df01b70f55d495905f127f447df8
SHA512df47e7976282ce0f67814fbb0913498991bc4da3513d021f36b8e3b569f9f1d9f2b4eb075ad37ac357427070e3dd3d3c3be030a93ac76c727d76425ad4b4eda6
-
Filesize
288B
MD5fc642c9e49b25e6ab6620cb38cda0e94
SHA1fa90db93a71cb6f96c98f24ceeea46fc068bc5d3
SHA2565a5e29e047f3eae822317cb440c93a8c4cd291d812696952a4fcf81478a4d622
SHA51280f56c7f5172ae2043c6c7b66673c0cf587dc70eb83f5cfa60e9d72c0e04117fc14ecd35d298ece86cd593124862cd33d1bd5c6e89514ee329239f4998989157
-
Filesize
312B
MD5f3b78b8d4a385d955f5ab5eacc33604c
SHA1f01f486bc8bc9a381354cd77337dbd047c6e5885
SHA2569f3d94ac14e35f579134716e7e431cb5a57cd2826f0a013a17069c78eba56c43
SHA51250991baa2e7c5143893409e34a849a906991623a1600b53e4c57b0134fb0b43c18392a8c11cbf7fae5c6b5c6f985f1e1cd3860d5a8ff537d31c0d77c057f8d11
-
Filesize
1KB
MD54931441fa02bb43a565009b77be4c090
SHA1b2c6acc1d4b454536f19858ef68adacf8d7346c8
SHA2561c9b15cf92d7d2963a762a1c5c765f58eb772d34de15080b054c8cbd8c8191dc
SHA512f6a718cfd36eb486ba061a7f48b545fdb28623f0a91e243ac41aaa179e7346396dc6d475839e283201eaab8df63388ee4db33e7fe1392452b0a57f845d44d7c0
-
Filesize
2KB
MD5fd008d6dc8946267f32f50701f70f76c
SHA1d3c31fc4ee8e13b2bf151b79742a922831640a9f
SHA25657c082ea2ae2809b76846ff14873eb71257cf674a29ce853292d8a7e763b3979
SHA512b8242513c2f4e47f1f9d098a2a8aff3b90b1b8cce1ace03f96595f84f2a72994013ac01dc7ef3ca950e15190dde7d64384ae7aa49262d0eaece8130ceb8d36bc
-
Filesize
6KB
MD5b0121e8a50ba6ee4cec9e65222cc9779
SHA173fb8ca8a8fa76c9f3621b9a76fcb39905ca80ae
SHA256a8c8553f759f5fef3caf3d2281da518d1ebd45f5ad7ff6268f9be8f69a879a56
SHA5126454be94227c27a836f7c1b67aab0acc80227cadbb75ce42491bfaadd53e017b9f97da0893f3423bbc8dd697fe33c22619a7249aca830496299cb68ec26d75a2
-
Filesize
8KB
MD5539412e08a0cc3dd7ab22012a6812aa9
SHA1662ca61c10997a0ab1d1bfa10e49542087bc757c
SHA256a16f909bc57b93057e7c283be1342c492b0606074b93a8720c7e3ee614cb881c
SHA51252bce51f7de9ae3c6c8b421a0105ec25d9683ad4f87ddb401a11679cf677e71be0c1cd0392f7d89b5670b1730e9ec49df3ee8135c3f7f7c65adff01aa145788d
-
Filesize
8KB
MD535c74294cfc9d7fd2948e94024935ee1
SHA10e2b551aa9f698a08ab0b77844f24ab0fec0b9d2
SHA25611c58895233579b5d0235d00f408e664837cd79baa6bfcb4eacb900808b90cba
SHA512d6682c664d46bd786869b21721d691e2d4dd5b568d04efbf661d78bce3eeefa5f6821c84fb3f451475e88862f83cc2a68beeac73fc16ee93d736fce4adbd4b68
-
Filesize
1KB
MD5857b685657593db52f4cffafb9c0a00a
SHA190ee0f6dfcc0308638b7ee25708feafcf1bd6b2a
SHA2566f03295b35ddf310afee62f6926cf8c37c0da7c2e793cbb5be54eb8ef7d4c7db
SHA5129cabcd834bb8039dcd135a876d59898c473d28b033b65e29182976c5f18c71d4bbd8a8ae7c09839dfbef923fa74ade5ccf001cec148f343d408262fa6c8b599e
-
Filesize
1KB
MD5c914ac49eaa87ade96af6e84c59606fd
SHA11a138a332191e2483176dd1a684b35553877ae64
SHA256e3b673c3933151f979853c9add7a718bf1419d6c3028b69c2af69095150b4870
SHA5123434c76faa3d25e5fff4a352b3cfa382b629a528f2e506fecbba172adcbf831ad6ab455f5b7a43000605f7d530c9efe6a3a6df17a5180ecd0ceaa96e047e0368
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD59a2ece3656ae159947e32d99168fc097
SHA16b7f7dead3200187c808900d74a0d88ab4671af8
SHA256712352ad73c68689ea41034f71b129e1af662d79da785ea955f90b9b6b90b298
SHA51222c5fd2db0ef698dfde0c15db4dce3cac9d3e32c67ed59108a7d9aa279c0aadd45590641cbb3f0ed5b3df5103f6a5508bfbfbda0658f0be00bfe257d56623253