74820eb95a30a204d99a1ea795a4cd4f379a890b57e48e284d3c41b65bd7bbb3

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc94186b62ca8d2dee1f4cecbb37a938.html
Size

5KB
MD5

bc94186b62ca8d2dee1f4cecbb37a938
SHA1

f11832e3a85a8cbc2534c710c3d8278f8d23fc81
SHA256

74820eb95a30a204d99a1ea795a4cd4f379a890b57e48e284d3c41b65bd7bbb3
SHA512

1ce82265a55fdd259dc4ad5a1bbb8294a33b8a29792cca8a20dd4405b23d74af41737bf26d928db7e482805e5e9f5622f2b2d659ebfc434b86196b4a152953c3
SSDEEP

96:SIh/Ren0+PF+X2DPqYCX3C1leQpnbkYEtdQaxea7TYc9sC/rkl+YCbN8Q4P6tans:SIh/kn0077qVnC9ax7TR9PAlzLQ42GWF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2680	msedge.exe
2680	msedge.exe
2232	msedge.exe
2232	msedge.exe
5552	identity_helper.exe
5552	identity_helper.exe
6020	msedge.exe
6020	msedge.exe
6020	msedge.exe
6020	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 112	2232	msedge.exe	88
PID 2232 wrote to memory of 112	2232	msedge.exe	88
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 1684	2232	msedge.exe	89
PID 2232 wrote to memory of 2680	2232	msedge.exe	90
PID 2232 wrote to memory of 2680	2232	msedge.exe	90
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91
PID 2232 wrote to memory of 4624	2232	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bc94186b62ca8d2dee1f4cecbb37a938.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88a1746f8,0x7ff88a174708,0x7ff88a174718
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9045748108976175943,3591758332750837168,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9045748108976175943,3591758332750837168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9045748108976175943,3591758332750837168,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9045748108976175943,3591758332750837168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9045748108976175943,3591758332750837168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9045748108976175943,3591758332750837168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9045748108976175943,3591758332750837168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9045748108976175943,3591758332750837168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9045748108976175943,3591758332750837168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9045748108976175943,3591758332750837168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9045748108976175943,3591758332750837168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9045748108976175943,3591758332750837168,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
379B

MD5
23d7df61b7cd0717edd72be779633516

SHA1
8c096470f6ce3c759447fb720333b1c24916d72d

SHA256
da963e7605bacf7e2d9be692091d55344658d5434c65a91cab81aba032a7d661

SHA512
212914a8a4c078a2b09e1991db40aeeeb35ac7a84f0847668209cc865f242507210afaa683ed83a7b102099fdf3032ce4d46ec7dc61ddb2cb117da93cdbe4700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da10eba3d452c4800f47e7db7dbc838a

SHA1
72164bbf16a0a2d44db43f676ed88f76d835d4c2

SHA256
466c42f6784651f88a64b92b7197a33eb484fcdef3978647eaf0222fee962d6d

SHA512
751d5b515a954aa328aecf3485c8ac0f583ec330e883d8d60905badea79ab0b551a7e2bc3f38eef13044d2912e1c9d27ccecc89c7b9099f9f22692614680b3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cc8ba39f-7a90-4905-b558-aebb9133b8b0.tmp

Filesize
6KB

MD5
926305a98a983bfd9fcba2c16fd57491

SHA1
d126978b9e6dcbee90bae03eab1fd7a093c61207

SHA256
831bee6724ffd2ffce2588e7c0e3363fc80d59e83a1530cfa56cdd800d8d306d

SHA512
c44dd6f5a1dcf4750a54c30ce7088ec38dcd4756c27c19985f0baa29b69c63e0ae24c3f160a6ca755289dec96fe9b25b3725096f291b268c5de979b04e599ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cc6abc1a625a22a03a90ccb716bb65ea

SHA1
18a0c265fbfadd0a95787e7ae96811632b689655

SHA256
18bd3538ebf8a41b308f1b310993e1dbe37355bfd4c8350d66dd2cf937b8fc81

SHA512
b1c924a9e7a16f7b503eb1a46f5757451ea5ab171dc632c77d8fc3297bcce603f0a0d03278adee9e5d6df3eeb76ffc88152d26a34a5791d5dfb16bff7aef3c8b

Download Submit