81e91e3073d06caba4c6b808e285d16762d8ffeb00628a56b973abe3fc324c7d

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad6c748952f54a65e78767f8be803d24.html
Size

44KB
MD5

ad6c748952f54a65e78767f8be803d24
SHA1

7a32ec8746ecd3024b2cecbd94826bbf9df05e2b
SHA256

81e91e3073d06caba4c6b808e285d16762d8ffeb00628a56b973abe3fc324c7d
SHA512

a709342e73f22f16611995faf31e2d1640c5bc077b701fec4b66edd3f07389b193fc06669da089411b0f3090fafae201ed2f01da1989b1bd8e4dd2307dc04ac7
SSDEEP

384:DQhBB8GE5A3q2+PAn/rGVvRxaQYS+vMz+nRqrGfW5HssyPSPYe10a9tljt0a9tlk:EhBK/AVSoQ7kk5JkPSnj991bFE9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4228	msedge.exe
4228	msedge.exe
2208	msedge.exe
2208	msedge.exe
3196	identity_helper.exe
3196	identity_helper.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2520	2208	msedge.exe	62
PID 2208 wrote to memory of 2520	2208	msedge.exe	62
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 1700	2208	msedge.exe	88
PID 2208 wrote to memory of 4228	2208	msedge.exe	89
PID 2208 wrote to memory of 4228	2208	msedge.exe	89
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90
PID 2208 wrote to memory of 4820	2208	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ad6c748952f54a65e78767f8be803d24.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0bba46f8,0x7ffe0bba4708,0x7ffe0bba4718
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9609528028713101489,11356503673657186617,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,9609528028713101489,11356503673657186617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,9609528028713101489,11356503673657186617,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9609528028713101489,11356503673657186617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9609528028713101489,11356503673657186617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9609528028713101489,11356503673657186617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4172 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,9609528028713101489,11356503673657186617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9609528028713101489,11356503673657186617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9609528028713101489,11356503673657186617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9609528028713101489,11356503673657186617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,9609528028713101489,11356503673657186617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,9609528028713101489,11356503673657186617,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
391B

MD5
e4c2bfab2703aa60367f9182d3fa64a8

SHA1
c66275f344f28e481d935f09031dc6961c132b97

SHA256
19767607a5f7ae449fbca4a288e43a60ca5d13f800da6247aa62ff7d05f4713b

SHA512
a2eaefd10b29f89661e5f89d7512e04eefbb088eb789db12d17bd9337029a8c69a768ab1f5294e2166b300dcc66ff4cc1635512c5463a3557e90a8240cb00db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30d12306e9875972ade758a68bb9ec8f

SHA1
fc93460142debc25b3a17ed4ede37cf15a2ca1f3

SHA256
bb9dc478914f00e730f8db2d0f618aef5b0efdf9810dadda3776e6104d9f5fcd

SHA512
79e4dd423e855f6bfb3c2990585317dc5a1f00c11e920fe2ab42e33830966d7c94287683065400ee0aa7ee3fbe66c9f074ae53ba8e53635ab81865546f9cbb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
335f2cdae65d06cb37ad08feb2dbd8e2

SHA1
c174b6fe5abdac416d46819d32b6d3ccf39712c5

SHA256
b2514ae78ca2dfb1a75efc1372770a5d73abb0991d821a0e62449fb5ac5340db

SHA512
c1029d906bac83fa0efdf68f27a4919a2bd2b2c9842232f4114d96a64d3fa4acd8be636fc65661a6ffb590ae94097bd63a222ea73fb116689a8289dc44a687d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8c89709dded25780d434ac15a3d0232

SHA1
3019b4605dfb055aa65a382afa8e8c4e1ea26ea5

SHA256
f7dc2ec1a5cb430b6ebdeb6ad5b57043fc626a215089628ab7c6780f724e3300

SHA512
b6b45355c1a7b3d95c756cb7477f60a977712c9deae7bda7c2ae7b7e6e8dfbe531cdc7266d4e1e05a1e1113c06fcf39cc10807a6a262c47b8d3fe38bf4b697ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8cc738f375daed69344f3f542fc712db

SHA1
3e5657a697deff892b0ab0be687c2af7be0e7bcc

SHA256
f39e87582b1daad37e98455a88ffea21dcf2978ec2ee7d1ba52e6bf9e152052a

SHA512
9a7b946ae05d1ce2cb8f8cd4207e79f2a20069117158c43e49a58d3911e61aa6fcad46ca9e676168664c3003c6e8667ec2f9c03b403f972ac20d36a3baa2426e

Download Submit