a20648fe8838d37c74e87b8d6a6f8b96c2bd58fe6f90aa7d78e6dac0c89444a2

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 11:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b49a889feee52b28421aea6921ddc2ee.html
Size

226KB
MD5

b49a889feee52b28421aea6921ddc2ee
SHA1

466c0e0ccd5d4d9dc779027a8b4cb8bb4c9fde2e
SHA256

a20648fe8838d37c74e87b8d6a6f8b96c2bd58fe6f90aa7d78e6dac0c89444a2
SHA512

4d4a99335f7558df08fb1055bfc445bdde8811742e644da592732066ee96701ce1cc7dfd933ef83790310e08629f1f0557ed921f361a9a035d5247befda01643
SSDEEP

3072:fKA7109Bt0ERPByfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:fKA7109BKERMsMYod+X3oI+YS1tA8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3980	msedge.exe
3980	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3980 wrote to memory of 3032	3980	msedge.exe	87
PID 3980 wrote to memory of 3032	3980	msedge.exe	87
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 2040	3980	msedge.exe	88
PID 3980 wrote to memory of 3856	3980	msedge.exe	89
PID 3980 wrote to memory of 3856	3980	msedge.exe	89
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90
PID 3980 wrote to memory of 1512	3980	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b49a889feee52b28421aea6921ddc2ee.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbd4246f8,0x7ffbbd424708,0x7ffbbd424718
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16401026284181664407,2251851752406870727,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,16401026284181664407,2251851752406870727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,16401026284181664407,2251851752406870727,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16401026284181664407,2251851752406870727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16401026284181664407,2251851752406870727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16401026284181664407,2251851752406870727,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0feae3bef320e77b29bb8c3b70f126d2

SHA1
0f651cdb7e42e438e6e900d45367558de47bbf18

SHA256
ce19ac9e5b0f23d63b7480369002614789513d57652923fbdca0eb27940423b9

SHA512
69f4cfc4980164a1453f1a1e2a8c10c9caf6b8a4a1f61782472e3fdc4c0bb964277bcf0b2599fed3344100ee07f93204e1dc13cfc91bd177d5f9628be715883b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e69038e767105041995a5dd59b845e26

SHA1
bc382e725d08239056f2e5132a534e0e57bef045

SHA256
1122119efe5d526b4174ba2426281ae3c94732202844def6e1feaf70c3b5d2a8

SHA512
f1272a5e43d511d1954fc5c2b65f51d2f31d79ebeed11845f8c34be584feb5d784aad13edea2e7e219dc8585d16372bc18869dc84c6493128603d2778f45cb77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e0cc19161ab1da4e5c44b9121d760151

SHA1
fcf0ac70e68f9efb6b595f00dd87ba444b54e317

SHA256
47da2bd8b511a244ecffca04332ade7bcd7121fd95b8d41cad5a4f1f9ffb26bb

SHA512
c2ec5efc42ecfca07fc8708e6386c96e101d4a061ccfc59481b57f2b471639fabc8b9d804551c12773b154fa2b6be2e6befc8f621d92e22a9dfc6819ad783f33

Download Submit