d9c551faa8afae43304944d14e172521825084a4e08538be5c9eb9c1b621616f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b92d4f6fb8289a3f25692fe0428ba9c1.html
Size

54KB
MD5

b92d4f6fb8289a3f25692fe0428ba9c1
SHA1

211a8eeafe31598654f78d6db73641b2eee1adff
SHA256

d9c551faa8afae43304944d14e172521825084a4e08538be5c9eb9c1b621616f
SHA512

429332b4831dbde799e72a21b30ee4a08b50ce4ba29e6c31e49ded978080b77c20a9f8aa170e7fce1dafcf71fe5e6b140200ae01892fab8e27922cbbc2b1063a
SSDEEP

768:8+1pHvvCIoolg5nZoWG54QmHk/nm9rqS/KQp/5M:8+/Hv7oyg5ZoWW4QmHk/mXKQpe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1108	msedge.exe
1108	msedge.exe
3536	msedge.exe
3536	msedge.exe
1092	identity_helper.exe
1092	identity_helper.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 1288	3536	msedge.exe	89
PID 3536 wrote to memory of 1288	3536	msedge.exe	89
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 4012	3536	msedge.exe	90
PID 3536 wrote to memory of 1108	3536	msedge.exe	91
PID 3536 wrote to memory of 1108	3536	msedge.exe	91
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92
PID 3536 wrote to memory of 3744	3536	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b92d4f6fb8289a3f25692fe0428ba9c1.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff897b846f8,0x7ff897b84708,0x7ff897b84718
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,7689454122698846324,851103912794526968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,7689454122698846324,851103912794526968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,7689454122698846324,851103912794526968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7689454122698846324,851103912794526968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7689454122698846324,851103912794526968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7689454122698846324,851103912794526968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,7689454122698846324,851103912794526968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,7689454122698846324,851103912794526968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7689454122698846324,851103912794526968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7689454122698846324,851103912794526968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7689454122698846324,851103912794526968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7689454122698846324,851103912794526968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,7689454122698846324,851103912794526968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e8117edace7df18b4d453d2d34871b12

SHA1
6f3c1ae9630ab0ed0e0211e832918619008919f6

SHA256
9f1a5413e640eb6f01ec938a26b9d0b74e9fb26d068a01219e70e88d52dee409

SHA512
c03560693f4dcae33d48209de32258ba412882e09bf51fb8b719fb46dc92211638ab801b3548487bb85190f8506e018d3d3a3bf2e337a389a67c240ef5290210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
56cc9f20afcaf91f112c245de0a3f3c2

SHA1
72ff42a0285c6c1aae396f6fcfe8c517084df632

SHA256
ae556bb244924f5202b7e773e0f14f2b09cff72b8b1d4b90a07b22c1468e084a

SHA512
19ab696cc4549665dc6e375a87acb683f0c89e0eb700146123f2458fdbdb89af1dffe8ac72e45b1300aa82b39cac7ca70666454bf647664b05ebe774738b5ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
611c6d7a4aab5f1e00a2c4c532216b0d

SHA1
abe8cc7da2af70d5aa1c7355c1a3becd11907b5e

SHA256
64f324fbba6e784c8684e15b97bb69425a09ef121de9b1084da266610232976b

SHA512
99c5cad0e8448ba5e0e3835348998ea980edacf5356137c8c83246a72d7a8a1593cace28dce94438e90eb60ee00c8fd41d5674c208b008002e027140067397c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9e0eba0e12b687344b1cdc77014669e

SHA1
ce7c17e2209887ebcb66fb07f0900c31ce8d7889

SHA256
dea43d5d4a74286b1a38116c990d499ea2b598eff395dea088374969839845b2

SHA512
178fc756169870a8cdf0ba10cc6bad9ec82350cf0674ac9be8e101a8b919a0f54be781d5266fca773eac9c78ae158b991bed2018b6719766915a218b57c94fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fdc8ec47ea5a7d4f2e8dcaeb3e1ffef1

SHA1
bdbb3361338940bf95fd2e5b96fcecb548122eac

SHA256
5589d3545d2a306c905852c77658f6c2faae18f9e188c09e6f18f58760419954

SHA512
68f042e44c0714c4ce60f7e597837b4736b46c774c050f77d7e113f4d2ae1a5277f699270279e9fdaef3771d4742429a6f826c313ee8db9eabe2174da9d1a8b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
83fa56ec8aeeef4c77123a0d743bd933

SHA1
50876a5679715975c280ae6acb36a74a3fb1056f

SHA256
d2bee38a5786d7f3ea4473fd70af5e034457c27d8acf824072b9825679432392

SHA512
16c6084af43582fc8864538c91ab1b5c2ea174ae8f577867a9d1e58eee4b02c6722bc413bfebdd1fbee2e3daa1894344ee1bd1692a0ee12167d33b11e96012a6

Download Submit