7d240a704184e81da7679f5ce4a2c06129fa994d601af0cf594919c204c0a1c1

General

Target

7d240a704184e81da7679f5ce4a2c06129fa994d601af0cf594919c204c0a1c1.html
Size

819KB
MD5

a91e03ad9ab8013830296daa9ac203c7
SHA1

81b3f06fa6e08037d59e8abbed948b2e28cf2b76
SHA256

7d240a704184e81da7679f5ce4a2c06129fa994d601af0cf594919c204c0a1c1
SHA512

8800fd945cf18f8104603103c3d5e523558ff29ee5548cb8e91eb2a9686ef66d1de8af48fdfadd02f2730be143030ffd235fafdbe9753cfa91d5e1ec279c75c7
SSDEEP

6144:aSrPGb6pFz+J6dCcfOMcXLtEGYKM29+9oPyv1LIpc1JRqSYs:0EGd79UoPyOs

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1244	msedge.exe
1244	msedge.exe
4412	msedge.exe
4412	msedge.exe
1944	identity_helper.exe
1944	identity_helper.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

4412 msedge.exe
4412 msedge.exe
4412 msedge.exe
4412 msedge.exe
4412 msedge.exe
4412 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4412 wrote to memory of 440	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 440	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 3368	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1244	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1244	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe
PID 4412 wrote to memory of 1488	4412	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7d240a704184e81da7679f5ce4a2c06129fa994d601af0cf594919c204c0a1c1.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8505d46f8,0x7ff8505d4708,0x7ff8505d4718
2⤵
PID:440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,18337296293594523430,4789531680439392430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,18337296293594523430,4789531680439392430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,18337296293594523430,4789531680439392430,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
2⤵
PID:1488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18337296293594523430,4789531680439392430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
2⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18337296293594523430,4789531680439392430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,18337296293594523430,4789531680439392430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
2⤵
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,18337296293594523430,4789531680439392430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18337296293594523430,4789531680439392430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
2⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18337296293594523430,4789531680439392430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18337296293594523430,4789531680439392430,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
2⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,18337296293594523430,4789531680439392430,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
2⤵
PID:784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,18337296293594523430,4789531680439392430,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5080 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
674B

MD5
a70c74033098b89f80a862e3e5c1cb9c

SHA1
02bc991df8350b6b52b02675774a23407bc5d3a7

SHA256
8e6d15346cad313013155665174ea6ba97f8b5ab8629803433ef43a9321fcd94

SHA512
8cc839bbf9600802fee73215438d1c6f42eaee1996e78362bc53a195eb33e87d8971c9317874bbcc14ad47757e6f9dd17d0030dd536c5d899fcd5be129165753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
eae58c181f8a3ee4aa0f19822931b699

SHA1
aeb440099d3f75f85bbedec82f1f8993c0619732

SHA256
348fb0d45b1a6101fe7e5f9cf8e518f3b96f5e0868db67998c12a9ba929b17f9

SHA512
89f4699eb4a0f4cee1a73d93041556b7637504e1a462c55139cbe72c58e808b4fdde40ccb566ef676c2c73fff556bfa042710bba8c2e3358d6e50b64eb14986d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
892267a50980944c20cf2c691f7a1064

SHA1
406ed04e2454aff0bc0edc6b110aeff33ad66e3e

SHA256
7c82364e3e9fb3b78e2795b8497186f2397c78031acbf5eadd19aef74a863b58

SHA512
1d0012d7c935adba44edfdc5254b41cf864dadd111e6aeb56976dce2a7d9eee3e2befc7b38b44c5f23eb930ea388a1c21bc016fa516f8e8c3d06ea088a26da3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
7179d30a482e515bf3ad855502dadb93

SHA1
e3cb32f88caac0d09b1add4b51b5ef99bf1e237f

SHA256
2d9ce6359dc785ebdaed9d1154c84863fff4dfcbd2f88212a6c37f83bdb491c3

SHA512
ad0b6f436963052394c1a34c00c2d0799016e9f4d472a6ab782e8eedb3f77100925e537a5aa206d2084015fcb603e8a2b22666bb86e4e64349e983cf2fdcb891

Download Submit
\??\pipe\LOCAL\crashpad_4412_CQBIJBFMGVBYHDKI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads