948fe9c4487d95781e7a19b762b0687cae8828ff1f6c3ef698ce7fd546fda87c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd8a6af158ee1560f193f64dae864158.html
Size

322B
MD5

bd8a6af158ee1560f193f64dae864158
SHA1

1bc36b72d6873a11e013343304cdc08064663fa1
SHA256

948fe9c4487d95781e7a19b762b0687cae8828ff1f6c3ef698ce7fd546fda87c
SHA512

ae05f8b368acf9e1e798f34ec4c1f2cc2266a2ed8a16ab9201285ee86293f9bf42e497eca72d5efc6987c1b1d62da51318ee4d4151ba008cac93c646b4b244b7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
2776	msedge.exe
2776	msedge.exe
1028	identity_helper.exe
1028	identity_helper.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 396	2776	msedge.exe	89
PID 2776 wrote to memory of 396	2776	msedge.exe	89
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 3152	2776	msedge.exe	90
PID 2776 wrote to memory of 2468	2776	msedge.exe	91
PID 2776 wrote to memory of 2468	2776	msedge.exe	91
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92
PID 2776 wrote to memory of 1496	2776	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bd8a6af158ee1560f193f64dae864158.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3de146f8,0x7ffa3de14708,0x7ffa3de14718
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1780,11389497597469723839,1329438386603272928,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1780,11389497597469723839,1329438386603272928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1780,11389497597469723839,1329438386603272928,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,11389497597469723839,1329438386603272928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,11389497597469723839,1329438386603272928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1780,11389497597469723839,1329438386603272928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1780,11389497597469723839,1329438386603272928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,11389497597469723839,1329438386603272928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,11389497597469723839,1329438386603272928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,11389497597469723839,1329438386603272928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,11389497597469723839,1329438386603272928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1780,11389497597469723839,1329438386603272928,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
475B

MD5
0697119a854db996e2e4958d55767306

SHA1
3ec0d3d5304fddcf0d510f460a60e7caa748bf6b

SHA256
c187513f19c61e169e2f640d26fd69f01ebf0e8620513170bc5396a4865ffd95

SHA512
ca51786fe19f8b1ca767654187995a6b2025c8b64391b7f938e44540288d1480e5022beb69ae620464d638e88a632c47438d0c0373c23721b5594dbfeb2f8d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03260f056144d600f04b6b8a6886fbc9

SHA1
448baa3020e2529b4c063d4cf10513c2124cd52a

SHA256
3d884d0c212d1993111b3205ceb2f73d01bd0e4ace5456429cb6d548424fe643

SHA512
5b081aa0fa9380bc47e88f1eabff4a56937586b3ea7a2711f69b19b08a585375d6620fb5cc94d35b99b0ab9d6fba4ab03c054767e74968cf58699bc035ddfdf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0f0b007213f57c4c90f4cd324d62b90

SHA1
c791bcf4a910911ea9897cdc730e90357ddda614

SHA256
8b5c9ffb67be91ce186c2ecd65c8d8b1e52a8abc44f2679d238153e983196dc4

SHA512
b6f1ba81e5c7b4b2f63d70bb2d7257b3914b57421cc9f0a7e8abc4311f7283da19e1ad2671ad448e633d9f70747481748a1b79d77ab93dfc26a4f0aee28376ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
add1d4d0f8091cf9e3789c230026d64b

SHA1
2b21e7fbb05023ea4db2cb78867a444a5fda594a

SHA256
54162df220168a916392bc6f4715e56e8e423b73da29646e85593da761a47328

SHA512
fe8d440033bb84acb1590f682bc532ffbfaba3c566cd668ca8c0fc7ff1c0d88758b8015b6a3b61190a47df4cdbe88282d47d0dabafde68ac834875886a4ada09

Download Submit