e765577e35cde9128b11771c4ba57e3da8469579c9bad304e03626ad91414694

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 09:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bae52706154f37293563e44cdd347621.html
Size

53KB
MD5

bae52706154f37293563e44cdd347621
SHA1

5203694486f7abe7843e5b6c671659562b7672d9
SHA256

e765577e35cde9128b11771c4ba57e3da8469579c9bad304e03626ad91414694
SHA512

6bd954b443cc48c9a2520836b36612e130ac069815077f0215743533471d65db23bc34938d30eb007eef9df6b99140aa1ae0d6897f1148c1f4e5a2299163d52b
SSDEEP

1536:CkgUiIakTqGivi+PyUTrunlYG263Nj+q5VyvR0w2AzTICbb4oP6/t9M/dNwIUTDb:CkgUiIakTqGivi+PyUTrunlYl63Nj+qL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
4980	msedge.exe
4980	msedge.exe
4400	identity_helper.exe
4400	identity_helper.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 4536	4980	msedge.exe	85
PID 4980 wrote to memory of 4536	4980	msedge.exe	85
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 4820	4980	msedge.exe	86
PID 4980 wrote to memory of 2092	4980	msedge.exe	87
PID 4980 wrote to memory of 2092	4980	msedge.exe	87
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88
PID 4980 wrote to memory of 3976	4980	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bae52706154f37293563e44cdd347621.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed3dc46f8,0x7ffed3dc4708,0x7ffed3dc4718
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13356172063544234031,12975926314825756258,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,13356172063544234031,12975926314825756258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,13356172063544234031,12975926314825756258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13356172063544234031,12975926314825756258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13356172063544234031,12975926314825756258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13356172063544234031,12975926314825756258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13356172063544234031,12975926314825756258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13356172063544234031,12975926314825756258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13356172063544234031,12975926314825756258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13356172063544234031,12975926314825756258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13356172063544234031,12975926314825756258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13356172063544234031,12975926314825756258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13356172063544234031,12975926314825756258,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5620 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
402B

MD5
8682454a9372e3261b760f5298ca61a1

SHA1
5619152afe6e9aeb56402753ac977899200db3bf

SHA256
7d9015556b5828effbe1b1f10ff6a83709f04be8666601d3acb1780942ac4d59

SHA512
712d5ffcdaeca3326da6f0539f70fa0d3bbacfbe627439fd7a2a3c8286f86f61359bcdd45faff68d4d0678d0a97d919984eac4d1b9c989d7355cd6373f1f4e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61c5348adb1a5f1a7eabdff39e72d21a

SHA1
a7e45be552743e404a9d994abc2fc94d1eb1e777

SHA256
fead2eb6d5ccf4713e3359210202029fcc56a4223dc6b3efb2487e55c8753356

SHA512
d776efc8eda0fd3230cddf972fc63c4dbfbd01fdfee21eb1b158cf264fbf7704a4f5700744e68e4ee02fee87d3171c4db955d5b5f43a6003eb109066ac8704c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9552718a56c77e10499aa9d8a1bd4c63

SHA1
ae8ed9762bafeacb4378b3335690e7160b8a3db6

SHA256
d4bd404b1cd42e2e88b4b9fc28cbc58205a0106b13b87311a860a7fc37e0e1e5

SHA512
e706fb8bd02fd2cef5aaf063678776aa5ac2dbffcf176b36a6325b0534f20042565eb36a6248b43eff71d63f79e363ae9a6d3accd940e29cc376d2bc73193f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
317af18d8491d6c5cec9b02dc4bd361c

SHA1
818db8a6145f30c6135aafdde60f0f2fbddcb9b4

SHA256
82f0c463ce5685c098f791f287cfb6b8868bbb8652ef72ff1e7f3b30bb9b42bd

SHA512
cb50208c2aba852156df43a1553421315e4c417c8e0ab4e0881c08a6644545553895713c00d1de7b165119c9b8be806b43a737f1653fcfa5c5f8d65ac4a10afd

Download Submit