fa17873f87f998e5c0fa0d5eb695d16b8ed12de96ee7e035829234d6f42fded2

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa1ba530e2cc2bb499f4a0da1409842e.html
Size

12KB
MD5

aa1ba530e2cc2bb499f4a0da1409842e
SHA1

a0b4eda360d4a4cca4e7e3f71e2415ac1e5c7eae
SHA256

fa17873f87f998e5c0fa0d5eb695d16b8ed12de96ee7e035829234d6f42fded2
SHA512

eb3431558ff657a3851a0347d9745e91c01f7a47d7f33316c21a2bd2761514637983bf6ae30396d8a1f0d2a9c10a1dc722f349f08dcb9b48031e5e5614ac8982
SSDEEP

384:sglIcAdNVhj+V/gcgB/Z3n1wWda0bAguLZ:WdQgzJ/AxLZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2428	msedge.exe
2428	msedge.exe
4084	msedge.exe
4084	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe
4124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 3412	4084	msedge.exe	41
PID 4084 wrote to memory of 3412	4084	msedge.exe	41
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 3176	4084	msedge.exe	88
PID 4084 wrote to memory of 2428	4084	msedge.exe	86
PID 4084 wrote to memory of 2428	4084	msedge.exe	86
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87
PID 4084 wrote to memory of 4088	4084	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aa1ba530e2cc2bb499f4a0da1409842e.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab92046f8,0x7ffab9204708,0x7ffab9204718
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,3876045198033659648,1860625751903841271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,3876045198033659648,1860625751903841271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3876045198033659648,1860625751903841271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3876045198033659648,1860625751903841271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3876045198033659648,1860625751903841271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3876045198033659648,1860625751903841271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3876045198033659648,1860625751903841271,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
660a36dffbc49c4a58b7e9f541a759b6

SHA1
62d4cdf2f5f7ecf73c9145d7162fd06937c09427

SHA256
0e309b4dbaee4330eaf88e2de6788b5bcd9aeb59d17f33ead769bbbb3cdf4448

SHA512
1270ecd2fc099f9af5114c52813de369a1601cfbfbdeb69ba7ab153e9923db8946a6fa773332b077141fdc9b8abdac5b417ed660add7d9403febc6e351ba40ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6adcd1eb7ec5d91785b3a513754f3e0c

SHA1
5034783c8145b381d017686119a7d4ab8557ac74

SHA256
f0ebb5dc3b3003374b897ec448afee9bfaa0b2a2a2a2ffea4eb8b5b66f744eb1

SHA512
af170db44430018a6d6a7785e96d4bd15f3c73c0b0f9d4f97828e073755d0ee703bccdaa2ce3bd8f69894a7c58dc3fcc3e86d2f7d15c58cffdb9b00af73edd0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3f2ba7bc51a420074db2ccdef3254a6

SHA1
0ca6008f145f658dd4dc1dbcd74a8fb7f80998ec

SHA256
d49ac5b7f51d5af34a3300beef0bbcee135e7b11698d062ca5040ea400b0a98c

SHA512
f1541605bb6b931a52ac9e26dc4760bcc996e99311cc9da940b2b64016ffee9158428d6bfb79b70ed272def1ba2ff47a8b3640461458c59fd2812c7872e41d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2eb279936d99d91868c0f8d86bbd5d6

SHA1
8a7c0f7ef92d98f61f814117d4036e6ef7a99868

SHA256
8d407ef963b1d29b84af65d920e89ddfa0fbfd7cd0222df71260280da85c369c

SHA512
b9261e9913865ce7ef8607b749f8a54541c36080cfefa361049f31beab32ba93513ff8c8e5c3b201a83a77c05ad6e9b2b9191d555e020dd3e6613d0fa345fbae

Download Submit