d38f9158f2211bfb8a7460456be17725ddb1df1695b9e98bf2778ac5a1a63683

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 05:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

adc9e287eb797215e352a2d90b836d0b.html
Size

131KB
MD5

adc9e287eb797215e352a2d90b836d0b
SHA1

1316906f80bcd764a72661ea6912c8a9d090df92
SHA256

d38f9158f2211bfb8a7460456be17725ddb1df1695b9e98bf2778ac5a1a63683
SHA512

bbaa3408fe48a9efee6a66278272e35ffebd2d4eda03ac2d16f8130f95b1a3a223ee125780b0783dbf4d9f764d40b7aa21d075b152c74b491cc99570037561b8
SSDEEP

3072:DInwWBUZQPJussCfwrRfbbcH4Lc1SePF076bVNLoydD:KwPQPJussCutePRD

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2052	msedge.exe
2052	msedge.exe
3568	msedge.exe
3568	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 3056	3568	msedge.exe	16
PID 3568 wrote to memory of 3056	3568	msedge.exe	16
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 1520	3568	msedge.exe	57
PID 3568 wrote to memory of 2052	3568	msedge.exe	56
PID 3568 wrote to memory of 2052	3568	msedge.exe	56
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55
PID 3568 wrote to memory of 2528	3568	msedge.exe	55

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\adc9e287eb797215e352a2d90b836d0b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc2d6246f8,0x7ffc2d624708,0x7ffc2d624718
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4241796990671603114,8025918508659325972,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4241796990671603114,8025918508659325972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4241796990671603114,8025918508659325972,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4241796990671603114,8025918508659325972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4241796990671603114,8025918508659325972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4241796990671603114,8025918508659325972,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4241796990671603114,8025918508659325972,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5268 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
75501641cc4d637060a4aac7017ceb6e

SHA1
db7a2a3cc17af2dec5c250497b7661a56518155c

SHA256
120366f1ff50929f9eace783661e5bd7bf8b9be54ea089a604437832c6c7b553

SHA512
4210e294eb7a833ea704a3a3db2fa8dfe6bc84bab94348770c52a3bc04438253bef754308fd3ab99a144cfd4c3c95a7939f97e63ae08b68824af09b88e14908f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e0ae2be96d8d6213c358406818373552

SHA1
2c6779e295dd7e933c41da25086af60ac185c191

SHA256
6a8f08cb1cc205b17f2fd994eea1a03d2caa644cd277dd843516b6d096de15c4

SHA512
b80cac4677df251ab3401e844e8107ea024062e761f3023c407642836181d349cfb906224489e42d9957d9237171dc8cac8372d0cb68e13c0adca50eee2c6fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
793B

MD5
847d18bfb379ca471941d978f8d32a94

SHA1
c58b766e4b6da61f154a7080b0d6645dda8461ac

SHA256
5058ad7f10bcdc1792ac1ee50057e0cb936e82d3afbe94794d883d367022dc57

SHA512
bf37571f7765e0df8ad7cce3d8e948f2ee9f2859b1981bf6052ae3cdfa93bafb5a749852a73f0472aa3c0d81bfd6d2117a3d94a8cd2e985fae5323a25cd85368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd72984b4a37e78446dd8c9230472aa8

SHA1
ea219e969d2c9cc64d63d59f77ce1e2a03ec2632

SHA256
f1603f7dc80d2016a79568acc60f632708489240211039482089223228078fdd

SHA512
028feaa9cad21946e27a73e76f3c2a4f7725c309cea3a9652cd99b1e01f83e7864da871f293ecf576b7bf6ffb0085b71a39e90a385245caab49c66993e803fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c5ca135d9fcf4103ed7133d4b246390

SHA1
beff65ed440f3859c70e4627b3906ddecdd5732e

SHA256
a7a2b8d5ab84d417d3780df5cf998d6c314b07498aee9a500d819c8d3e44da7e

SHA512
835359d6ee78e61c28336ea85d26e79eb8d0f5aedf5858d8549f6164c2e89ea0e9ab4c8d0cf1abc589870264f3a745192ffc93d78696a0a7c104b42f881845ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e0203dd04cfa5d0d9d65cd068d72651e

SHA1
447c8a0b9b3c79bdb6d625814e29309ef84115b2

SHA256
09384d2c5bb0e6dab94d02173d0326ee1d12b5a1a26d22f62cd79bd62221f468

SHA512
6b0d4a76cf9199799a7b358ae476a618fbcf8d9103ffadc64312b1554cf9ab40c643f51b39a07b2cf5d29c6659870d3a34a9b273a7aea9b84d5b51b3b40b6751

Download Submit