e0a511831c2dc4dc7e84c06cb35ea8ef23de26af7ba59bc6873a4f0bf9d05b88

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 02:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ad8051d90a7a5f6f6e2ab59aacc36bb5.html
Size

53KB
MD5

ad8051d90a7a5f6f6e2ab59aacc36bb5
SHA1

681a9360f28665b21516b664cd7d37edc259bd81
SHA256

e0a511831c2dc4dc7e84c06cb35ea8ef23de26af7ba59bc6873a4f0bf9d05b88
SHA512

c84007eb110f9bda848380d95afabd5e63eb15b861b4d78e0546f877df5c146961ec9667dd4d0da992939bdd7096e28089ef00349fd2ff4ebe4830a76cc0d285
SSDEEP

1536:CkgUiIakTqGivi+PyUSrunlYq63Nj+q5VyvR0w2AzTICbb6oT/t9M/dNwIUEDmDC:CkgUiIakTqGivi+PyUSrunlYq63Nj+qH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
4440	msedge.exe
4440	msedge.exe
4056	identity_helper.exe
4056	identity_helper.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 4044	4440	msedge.exe	86
PID 4440 wrote to memory of 4044	4440	msedge.exe	86
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 1860	4440	msedge.exe	88
PID 4440 wrote to memory of 3004	4440	msedge.exe	89
PID 4440 wrote to memory of 3004	4440	msedge.exe	89
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90
PID 4440 wrote to memory of 2148	4440	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ad8051d90a7a5f6f6e2ab59aacc36bb5.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc93e46f8,0x7ffcc93e4708,0x7ffcc93e4718
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,17269324986131018901,5335280094781641470,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,17269324986131018901,5335280094781641470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,17269324986131018901,5335280094781641470,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17269324986131018901,5335280094781641470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17269324986131018901,5335280094781641470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17269324986131018901,5335280094781641470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,17269324986131018901,5335280094781641470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,17269324986131018901,5335280094781641470,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17269324986131018901,5335280094781641470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17269324986131018901,5335280094781641470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17269324986131018901,5335280094781641470,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17269324986131018901,5335280094781641470,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,17269324986131018901,5335280094781641470,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
402B

MD5
0b2ff00e0e3b19cb402164b17fa06185

SHA1
6445a37f69dd3c94cb378343f75555b93a67763f

SHA256
bcde7e1feb6559e826eedcb6975c0d26a9484fdfa00124cb8192c1847c4444d7

SHA512
966fb826cd0dedbf5098fba9b328943a6fab225dd7ee19ac886b968a967af2bce2d4a4ca690c38e8c6797f2c0f733edb0a3ec0f89546551f6bc0076d27407083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe29e5ea4dc933e54f1ccdc2acede7d2

SHA1
f48fa2c8026c822443c8ab8e3679dfd2441b0cd6

SHA256
659cf28c89e0bf42d7cae7361c11e2dc5bae21266639042b50b6af750e9fd6bd

SHA512
95782df087fb6689de7fd4b77b8395d2d5b3c19e933b93d514beab66941153b52eaebfd0e5e2320e5bbbb8c3279a36080c76e6bf7a53f82a1a4ce51ed14d4e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ceac15fa6c5d2c98082d182c27d2fa22

SHA1
1ecc4bdbd9031c9521a075fac14eff06e9c48816

SHA256
33a2d56d211c0677c7b704ccae571a5e320aa106703b9f4bd41374475ee9343e

SHA512
9f1962de182b18642b0aac29eb4b96ea8f8c513442d334f177ba0699cf45c16079af722e1308f052ca0aff3907550aa0f73321e312927dd52e650e0d7f6591ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a5409cc0c49abd8e03499c4eba12f34f

SHA1
90fcb78ee1c654869c86ed7874f5e49ad3af0231

SHA256
b80f18dbfeebb6c276feb31b9b0aefa469b3c20c3dc84249eaa5e1b153884fc7

SHA512
eee0a9c94f1678ddb4020731188545e247e74c93e775a25a7067828a7c126a53309db0f1e705e912434ad7dc9ec54e8d34d1e5d39a950cd7aea7c86316bb6c7d

Download Submit