115438853feccd6858e3942f683ee054b10ed1058a5797a60b4ddce4041cc790

Analysis

max time kernel
121s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-03-2024 21:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8395b03f25335a08a6d8183e8ec1001.html
Size

38KB
MD5

b8395b03f25335a08a6d8183e8ec1001
SHA1

330d72405a47b9b01f3fb44c8cf2ec1218e5336f
SHA256

115438853feccd6858e3942f683ee054b10ed1058a5797a60b4ddce4041cc790
SHA512

1b62ca56128a165ecfde57abcbb4484a0c180189224aed97a103a9e6d3f2d2d43ac92a9b0811a57869c117f131b1e2376a8c711b6c551090ee08a0d688b3e9b9
SSDEEP

384:eCRQe4n2b0P2db57JJ/LVo2VXgSyE0YfxD7arebuCxoBoyMLrHCfzrp38GYZ:dRo2u2dTd5o2DyEPxVbuCxoBICfzr0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
4404	msedge.exe
4404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 4192	4404	msedge.exe	90
PID 4404 wrote to memory of 4192	4404	msedge.exe	90
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 2440	4404	msedge.exe	91
PID 4404 wrote to memory of 4492	4404	msedge.exe	92
PID 4404 wrote to memory of 4492	4404	msedge.exe	92
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93
PID 4404 wrote to memory of 5096	4404	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b8395b03f25335a08a6d8183e8ec1001.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffef88f46f8,0x7ffef88f4708,0x7ffef88f4718
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4328 /prefetch:2
  2⤵
  PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
758B

MD5
bed1234255a698450b6c822818f87de1

SHA1
e33094aacb80fa3bde443e945aee44008146b4e2

SHA256
8309382cd2841824d76c5a8a12fb1eed6c11cb86926eb7c438c518f32b1bf8a4

SHA512
940443a640fc71f2d2f65e9d6587dd86af72ff593b7cd498b9bfb4470c0170bae1733b5325e6f0bb11f55fa4bb6f7e3c930c84bcab4d1cc2cf5863a2d99de67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec87f09d3065b74bac315fe1e3b56c08

SHA1
13126ec096513ffead98e25ff6613be8b1a449a2

SHA256
79f15f715002ed93e11600a3145346e57236be39031c96301181fb4deaee5a3a

SHA512
dd0ad437acf4941ff80019fb8c7d0b1faaeda7d64a9b6cb8c5efb1beabd0276f1477128d13ad62ff25a9b1c80dbf4772c7a69d17ce1d526e1c4492cc9e41c74a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
469769f7f45167a93c24b0c9bab86c0e

SHA1
a76ef645646ceb90353cb5fbdcb91fc4c030d201

SHA256
115ce0fa605a0da02f6832ec33fc2bb2ea1f6de81304c9f118f8d8da485eb656

SHA512
00f42cab5fae0a7bcdf9ff1fd8db986d03a10ed455172b69a952a34c2116a337330a2e4b7d78299ce322fd43b4187d69c044165e699223435a336c337364fbd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70a66807b4e29d14c990092c1fd7793e

SHA1
0c79c79ca8d9be013f276ceacd8da340b2564f73

SHA256
86b14c75a9292195fc3da349bc3a309d481cbdad640216b4f7809c46798b95c6

SHA512
f3e96ab99520853e81cf767482fa8dff68f75df430323f4966a2c93bc683242676a61d3ea88e8cd3db17d62c8c29dee5630d85ddf9cbb54840ad8692481f5b67

Download Submit