c27fe28eb2f2657b51df215277379f6145af8f5e0145c000c6f263842b6bc9e2

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abc2db36ce4f4d79e325e9f793fd2c60.html
Size

32KB
MD5

abc2db36ce4f4d79e325e9f793fd2c60
SHA1

f572b70a615be1cf0765683198a086c437d8b621
SHA256

c27fe28eb2f2657b51df215277379f6145af8f5e0145c000c6f263842b6bc9e2
SHA512

f20c0fa3f64fd71d802e3b69749acb821be10314b8121d0dac2fb0c077bc604fef6a0578e4987f17863310065682138fe03fda0d4957b02b830cc82f1c683874
SSDEEP

768:JxIRIOITIwIgI4KZgNDlIwIGI5IMJ7StIRIOITIwIgIfKZgNDfIwIGI5IVJ7S4zd:JxIRIOITIwIgI4KZgNDlIwIGI5IMJ7S2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
2604	msedge.exe
2604	msedge.exe
4516	identity_helper.exe
4516	identity_helper.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe
2604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 3124	2604	msedge.exe	20
PID 2604 wrote to memory of 3124	2604	msedge.exe	20
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2544	2604	msedge.exe	92
PID 2604 wrote to memory of 2368	2604	msedge.exe	91
PID 2604 wrote to memory of 2368	2604	msedge.exe	91
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93
PID 2604 wrote to memory of 2124	2604	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\abc2db36ce4f4d79e325e9f793fd2c60.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9288c46f8,0x7ff9288c4708,0x7ff9288c4718
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,1230579557567965813,1515048104145801622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1230579557567965813,1515048104145801622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,1230579557567965813,1515048104145801622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1230579557567965813,1515048104145801622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1230579557567965813,1515048104145801622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,1230579557567965813,1515048104145801622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,1230579557567965813,1515048104145801622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1230579557567965813,1515048104145801622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1230579557567965813,1515048104145801622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1230579557567965813,1515048104145801622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1230579557567965813,1515048104145801622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1230579557567965813,1515048104145801622,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
498B

MD5
e2b9f3c5d3eef57ef9f4470a0f8ced22

SHA1
5e9afe14ba8d614847bba09a5aaea940c27427a1

SHA256
905e8848e39ba4b87c9360a3f335674f2640f1714fbb4bc297b3fcded09077a8

SHA512
f77f9be0bd929f72a388a839c2ba6e5ba1d47f70cf0e1897cea4b1eb25ede7923df5a37914944f2b163c94397abb69f3d5234d8086cc18f1d50f6f0374091ba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b016c821c426632f2e0c27caaeb6ab5d

SHA1
d91e2086751ecda0d3d769050da67c7e222c8cd9

SHA256
45b93ed7f6b2f874fdcadd08dde213a60bf829efcac582dfcd4485e4dd441d16

SHA512
34775ee43779562122dd49b9bdce523166e3385202e3d2c9ba75d96990d5aa79fa0c355874a3cf14e92de130aa575e4a662c8112d94987e008a052d5268df545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
298b02212eb657eca89e835456336017

SHA1
7da1e2fc07fcebfbc5ed1f6fc2a1203c06e6c888

SHA256
4af8def7c1cff72f5a20ad03fd30aea72014254263c5837e2a37cdabf33c0795

SHA512
ce824bdb65e40eb57e08b2a36c8af21443f115bd5dad3c73d5979f2a78bd1a27cf9e55a6505e2c390404594a68d95624f7914ea95f28a83cfe2c55c66a44fb2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0b516e9310d5a464e9341f7fbb7656b

SHA1
84b35303e9a1fdd1b60c5ebf0e51e7c59f79d477

SHA256
8d24a64995c60e3bcbc8dfee75b8fb9c7baaa7915907382cbc6ca5484ec6dce3

SHA512
1cd50965decfe8455d43c016983b21b06856b6a71776cc239bdf48934a3c966ef8342bc48ecbafb6c2cc6b2ea6f318653258368a4ac189c4ec086759008b1a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c7406a37-926f-4da0-a379-cbaf6e9beb3e.tmp

Filesize
11KB

MD5
0c2679f1a5bf51fe75d0eda9f8d58a42

SHA1
c9a8d58e786c771ffb2141a45003184bf37992ca

SHA256
08aa3566536c38428a244e98752a04a9ebb3270259443b1b0ffe0ff2386d5f27

SHA512
6e227854d873c2e890eb45fc13ea651e9794775bcb6ff900d2647654e3f0169006046aec192b6baf00cef41ee89e44f5dd28f068c9901148ced2afc670f6d841

Download Submit