Overview

overview

1

Static

static

1

b95c5d8f95...a.html

windows7-x64

1

b95c5d8f95...a.html

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/03/2024, 18:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b95c5d8f958eed6ba948ca0affa420fa.html

  • Size

    51KB

  • MD5

    b95c5d8f958eed6ba948ca0affa420fa

  • SHA1

    c6d6ac719469a718844ac346e080ced2a30e574b

  • SHA256

    2d04cb0d48d6b9eee4d805e413af8d5d24539c6a35ce8029a0f7b21bedfea523

  • SHA512

    34b4a67d5d9ed2bdc0c4900b192b39a2104207866e9e89c23c8d2a8f12de91d508096a1452b1f700c6b5a5d7110c9eb5a6610019a4e846aedde5c4270df2eeb0

  • SSDEEP

    768:zcGxG+qGN9T4GFEAtGxynFSC/KK3/LFF3bEt0Se5zNR2YMGDHf:zWGN9UGFEyfnFSC/LzFF3bEt0BNz

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b95c5d8f958eed6ba948ca0affa420fa.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:912
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe133446f8,0x7ffe13344708,0x7ffe13344718
      2⤵
        PID:5032
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        2⤵
          PID:4768
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4088
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
          2⤵
            PID:4256
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
            2⤵
              PID:2744
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
              2⤵
                PID:3272
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
                2⤵
                  PID:3780
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
                  2⤵
                    PID:4024
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
                    2⤵
                      PID:1672
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
                      2⤵
                        PID:4092
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:8
                        2⤵
                          PID:1356
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1084
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
                          2⤵
                            PID:4784
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
                            2⤵
                              PID:3732
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
                              2⤵
                                PID:1356
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
                                2⤵
                                  PID:3780
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16874790004960330536,15558912976076182157,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1308 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:6008
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4848
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:1804

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    cbec32729772aa6c576e97df4fef48f5

                                    SHA1

                                    6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

                                    SHA256

                                    d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

                                    SHA512

                                    425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    279e783b0129b64a8529800a88fbf1ee

                                    SHA1

                                    204c62ec8cef8467e5729cad52adae293178744f

                                    SHA256

                                    3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

                                    SHA512

                                    32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                    Filesize

                                    21KB

                                    MD5

                                    4270891730df48beec95782755f2bddf

                                    SHA1

                                    542a7aafb3b04814349565f39ec419f36947fdea

                                    SHA256

                                    756221d34900d2995ab8b653808ce1ea6423a582638908699903a19ce3a8e53d

                                    SHA512

                                    91c508955a0bd4426b6cb8b6f6b8fed2ca6ff7ace689cc44638d8c698cd0b61d0b29bb6d6921408a496c6c6e2cb956876e8c3c8d9912608ec31bd81f586efa5c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    96B

                                    MD5

                                    a603679aa95974d72dc35b2ef12ffd2c

                                    SHA1

                                    67f46d591a4fb44a34c84ab802f7f4469423143d

                                    SHA256

                                    beea8596ee492de82548e3433e1ec2e363aa42c21d049ee914d5b85c4114eaad

                                    SHA512

                                    938c6eac743a981e26e1adfecad016df0cf0a76fa48d58899e5b82fc6acb2e80fb6b54efe359f7d4f77ef7d004bde347e29b28d88952fcee0afd814f58069b30

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    1KB

                                    MD5

                                    21a332c9f05b610a0c49a39564910760

                                    SHA1

                                    267890b8e22c80e8bcfd042870b0cdb3e02ebf37

                                    SHA256

                                    d34101d709a6cb948a02e2fc2c66dc0fefc81ad5456cc14c37454d8cbf33e066

                                    SHA512

                                    73833dccc765e50873bbfc6c42671fdff1bd530116cf562d653c617057a7b54e5574522a5b390c4f4dc4ab2aa8b19d00c9c1baaf52ac332e766eaadcc9f8794f

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    d37a1bbf82d33ce521b2a5b1625885a9

                                    SHA1

                                    b23e596b043e76c0711fe39e2f4ab825251adcb1

                                    SHA256

                                    fdfd4c6c508d65428162dedac33a623f51847e016b84e41fd2306b76279c3b32

                                    SHA512

                                    67a43160f028de4056f2ebc2e5b981f9245dbcb4ef10434205e61c6f87bd3ff84a0558780fad2ffbaad652e3b8114a604549df23513bbd1e12810b65a86d1d10

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    7KB

                                    MD5

                                    52ba2cc9e0a334fe26065d041f1933e9

                                    SHA1

                                    769be4d976b9291dc8caaffc30dc42bf807e9fb9

                                    SHA256

                                    4703b600843ad6dbf955c971df8098f718f17a9e6ade2b802ae3878a9159f67e

                                    SHA512

                                    bb1d99017db6a0c2faa32ced02906a66e01374fc83f4e15251e1ecb9e92c8f19f695ec5374b91c22cc067697e71ba6bbe7e8780013a66d97f0bd99e7c73725b7

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    87f7e2f5319bd57903de54a7e0e76d8d

                                    SHA1

                                    05991f07b69c9e8ec5517e7c1247c0eb41d53428

                                    SHA256

                                    106c2da8ae20c207c31d9603c01364cef91ce6e481683d67054c78148a7fe286

                                    SHA512

                                    99acdf25fe3cf091b5d33ff15af6772f9cb89b91490aad02056c4878eb2765e27a91bdeb8628ace02145b042b6c3c06a3608b86ea7b27b7be7066be4ca34a662

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    7KB

                                    MD5

                                    bbb7641437a7c68199d170250ed1f047

                                    SHA1

                                    7e8f77460b8eb5b07869ca9e10e6ed1fbb9d763b

                                    SHA256

                                    bbecaf3ec7467a0ec5cfbe309108af06757861b2b5f0d1acf10bb04b695f6392

                                    SHA512

                                    3269da48e17ebe47b8a1197cf7827e64363cff6bc357972e8116780e5e6174f35d1098562978ae13553dcedb0d5232513f7d63bf7ef7c59080b3764cfd7d063d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    41824282a09ac1edd7c6b8fcb225ca9b

                                    SHA1

                                    4742b38e958fd9df97404776ec7edc86c075698c

                                    SHA256

                                    77fc9e914b1f36db98b82e4da1c222aafc1978d992c3c971525df2ca9abb72db

                                    SHA512

                                    7149188d4f74cae6b906d958187cec1ecd21ef41d406d41846ea4318c96977ad869bb320ad88847653ada274a8677d56d8250939309b71a6bb7251d7986ff151

                                    Download Submit