66f8aa6e0c703a6a7ab14c5acfd22eb51d636a7d89a3a22de8153d75dd533dc0

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf2f0c347280c4e4d38c68c984eb8107.html
Size

13KB
MD5

bf2f0c347280c4e4d38c68c984eb8107
SHA1

9acbff9b49f55b96b7ff2df6dd51435f891926a3
SHA256

66f8aa6e0c703a6a7ab14c5acfd22eb51d636a7d89a3a22de8153d75dd533dc0
SHA512

1a4e756d81a9284cdef7ef4d2b0189b74ee9e3a17eb2eed1a05680a548f836bb66f23af093719264b64fa8a3c6c1aa4c74a2ad048817b5371eac34f9c2b71d7c
SSDEEP

192:49KbqTcUkARSh0/foqzCY1zRHciXxCWCdERUGOCaNOjHhO9Y+wLlCYC/cLUaCOCt:4QbqTcUpvByD9t2HE9Y+wLUx0onbRf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4384	msedge.exe
4384	msedge.exe
972	identity_helper.exe
972	identity_helper.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 412	4384	msedge.exe	88
PID 4384 wrote to memory of 412	4384	msedge.exe	88
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4396	4384	msedge.exe	89
PID 4384 wrote to memory of 4128	4384	msedge.exe	90
PID 4384 wrote to memory of 4128	4384	msedge.exe	90
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91
PID 4384 wrote to memory of 4804	4384	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bf2f0c347280c4e4d38c68c984eb8107.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff06ce46f8,0x7fff06ce4708,0x7fff06ce4718
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13146588561673873447,8268387062925837000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13146588561673873447,8268387062925837000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13146588561673873447,8268387062925837000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13146588561673873447,8268387062925837000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13146588561673873447,8268387062925837000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13146588561673873447,8268387062925837000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13146588561673873447,8268387062925837000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13146588561673873447,8268387062925837000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13146588561673873447,8268387062925837000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13146588561673873447,8268387062925837000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13146588561673873447,8268387062925837000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13146588561673873447,8268387062925837000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
467B

MD5
6a5558ffede3b7f1cf43b74bb240d24d

SHA1
c3f8ef19e06a08b8ba0802898d25bb37a6b6c1fd

SHA256
475ec9f5375683d48973c236389d2a960c71b96fd8bb66ad6a0e9fdcfb49e8ce

SHA512
b096066e14e696e4da9bd0b74a5803151e8038e95d08da96727cf9158aec7cea4da13b069c058f46179949c9438ccf4290e241422cd925f0389ed08de76be49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1f33badfdcb82fbd5d2c8f95c7298f5

SHA1
0022e936898ae708fe2c51000085c88e9bfebb50

SHA256
acae64405b2bfd7402e54fadec6ebb3a688fbc3f71d3d4fd4ed65aefa5e0b394

SHA512
799c839e3b7d048e392480fe61ae49421349d0b55151e403ac7503e218e5825e1d7625e02fbd0625a83433dcfe3da261d67fffe0fccffda354d3f53ecd70f5c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d3964bf5f2a06cbe8cf6b9d25c75c76

SHA1
f5c6a6377d13c092405b0f349fa731fc2c9fa944

SHA256
29107b24b8134358a0959203e12a9bee265a405c4253ce392b39c3989dc27aa3

SHA512
4da042fd01cded0779bc750db295865375aedf1685a5cf4fdfcb91595d02954c9fe0ba28d848b80e21261b5c18323efd6e800183c9e5c99b9f0c329fe7056563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
380b379a929e388b1832aaf99973ab10

SHA1
ad32b0fd1468a2de5350c18351a7a75e48250f64

SHA256
f5d2c3797eab90b864ebde8c2ca7e4bfcc20cd0eea6c7649013ba2604a90b45a

SHA512
82b746e5e58d4f5c114df1c4a54f722967c586869c6b0b9ea81de848ca13cf97fcd69854eba8f64eaa4e98d896a9153d6b4dc79ade1252e700411711f28a4340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cf597e72-9311-4999-8e92-a0af690e5df4.tmp

Filesize
11KB

MD5
1b3debb400e3bc81a446b98fb15eddc9

SHA1
c5622c316da57c33e73f65c962969803e42ec9aa

SHA256
953f9bc3cc438a9d83b97670381f0a0a03edb2e45328588f9f65a22de60d5320

SHA512
f0d50f29e5cc35e5a215cf2777369970595e1bfad54078ad131ed6b53dc20073e713d7cddbcc5481d62a5a83e46ec9c83574ee21e81457620025f09bc5fd29d4

Download Submit