e3dff06f5d6d147709d777db453936f76206ef406a88281aa81d387c2afb0d28

Analysis

max time kernel
177s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acb02a90e26b4e028d35661110fac8e2.html
Size

53KB
MD5

acb02a90e26b4e028d35661110fac8e2
SHA1

ad2f0c23fad93db60138b36cde067897707ecaf2
SHA256

e3dff06f5d6d147709d777db453936f76206ef406a88281aa81d387c2afb0d28
SHA512

fa7b111bf15ff083e8f673106cf772b586dd03c5a324f90522b35eae97c59718d2d4c6c660c36389e3bcfa7edef74edcf027938bddcbfe33009933e0478f541f
SSDEEP

1536:CkgUiIakTqGivi+PyURrunlY763Nj+q5Vy0R0w2AzTICbbeow/t9M/dNwIUTDmDV:CkgUiIakTqGivi+PyURrunlY763Nj+qx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
1912	msedge.exe
1912	msedge.exe
2824	identity_helper.exe
2824	identity_helper.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 1416	1912	msedge.exe	86
PID 1912 wrote to memory of 1416	1912	msedge.exe	86
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 4460	1912	msedge.exe	88
PID 1912 wrote to memory of 3576	1912	msedge.exe	90
PID 1912 wrote to memory of 3576	1912	msedge.exe	90
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89
PID 1912 wrote to memory of 2004	1912	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\acb02a90e26b4e028d35661110fac8e2.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7eb746f8,0x7ffe7eb74708,0x7ffe7eb74718
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,3449244510176470388,14233045506422474014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,3449244510176470388,14233045506422474014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,3449244510176470388,14233045506422474014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,3449244510176470388,14233045506422474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,3449244510176470388,14233045506422474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,3449244510176470388,14233045506422474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,3449244510176470388,14233045506422474014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,3449244510176470388,14233045506422474014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,3449244510176470388,14233045506422474014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,3449244510176470388,14233045506422474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,3449244510176470388,14233045506422474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,3449244510176470388,14233045506422474014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,3449244510176470388,14233045506422474014,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4528 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
402B

MD5
21de65b973c3bc1b971b090c85778088

SHA1
4045e365b2e5dd1a9ddf90bd885b245d92664a1a

SHA256
1bdf93031e1f8f07ed1ebcf4af4b36ab73ac088ddb83f6da4c6b25593806e260

SHA512
f089bce416adcc9c6de4f4dc71e39bd202c157202a1ec9034ac3d45b597cdd1a2fa72790065ceb62d173574d14cf1f05b79fb15b7eb570e0e162b1bb2a280216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
83d5dde781dbb4e2967be9c78db6d87b

SHA1
890836ffc7fec78377dc89972781094119720800

SHA256
d1b7b99387cffee3bb44713229b824329c3f5cc865a6e27edecb72066adb33c4

SHA512
583415ac324db3cb8ccc78f4c4d608e063903262ca80924ac62bf83266f58f3adb045fb4d6a994edf6b0ea8e534bed3a75b38c196fd936f409fd160fc41b85fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc8a84b600d7053a16715fe05ef38ba3

SHA1
d67f45999019de0586d9569c9369a1e888b1f1bb

SHA256
4a856aaa290cd84a0ed0017219cdd4efe02b3af0cbfe7afd86808b17351fc2b3

SHA512
a90fe401eea59ae88da6171f3789ccc1354f8ddb5e805dc6280f4b7fc9d5688d2863ceb1f14699d27f88a8030bfaa0b1b0c3a4022ab904e82e9cb7201789b053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85d41092f7efc30d3d013cbaa554fd95

SHA1
7f95ae9d3c3fea23de27fdc576456249d1ec76d4

SHA256
688f8a423fa454900a8e21dd46507c0db0a53296cdac49cf9d4f0366de794acf

SHA512
c196042aeeaf6c0aad4aa84bff1c30914f2106dcfea2ead4ef0a2f4dc98cce6b7f18d0fbdefd7cc8d0d4fbcf80928f3a5ef4ba1d0ad21d4e4fcbc8db24973874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fddb161cc8de5cb06cf9c468023c2e43

SHA1
b69f7c514329d2f287cbf8f191adee3c3d4ccb1a

SHA256
cad985ac39d7ac257a92a2807a6b40ab0186bea4b3da68c8e2302d7bdf9ba176

SHA512
a6dabfeb9e6aab7a19efe111b45c5eef206ad1374b1d4123d1fcdbf4a277a90ba3fbeb6abfe5d428019cfd34bacf66d4d278a61bfaff11f40dbcca587b0f41d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
20aa656ff0abe13d4b49ce6e54157411

SHA1
4c644aa7131319df864299d6f0e483b84cf63dc1

SHA256
7559f50e721b09239c0160f98a44098da0ca832f3d659e9f1ec046afac8d0ca8

SHA512
32fbb2afe172bdd3b3fb2e68c67e238a1dae70d1fd29de5fe398fe55dc793c9152f093f264a12e8e4a28ab1bfa5c2710f7cf5b31d82b7f2d43c8b6e78cafd04b

Download Submit