Overview

overview

1

Static

static

1

bee22e5713...9.html

windows7-x64

1

bee22e5713...9.html

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/03/2024, 14:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bee22e571340c4e9658beeab174022c9.html

  • Size

    15KB

  • MD5

    bee22e571340c4e9658beeab174022c9

  • SHA1

    bd38d019fb2ef7c14bd83d97b5d0f821282ba738

  • SHA256

    e992e527bd98a4993efdb000e4a9b4999bd7d6d8568846751b1fd8719c1a8c1e

  • SHA512

    06bdb29dafddd4151e10fd0e42a35bfc240e347293ca9dc5c7833596de93238053f3b2063c8c9d0e3e858d4f691fe1484af49e3ad7da34dd15ad69647e4fd26b

  • SSDEEP

    384:04fwAKwV/t/3PP5eIwyaOg29uRw8RtpBDo/hzvhA+W1axOSGrux8SpOZyYZJ:3p95NVZgNw8RtpBDo/hzvhuwBx8Spc

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bee22e571340c4e9658beeab174022c9.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec85f46f8,0x7ffec85f4708,0x7ffec85f4718
      2⤵
        PID:392
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17053248767822103739,17016907497882328901,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        2⤵
          PID:2844
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17053248767822103739,17016907497882328901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3144
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,17053248767822103739,17016907497882328901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
          2⤵
            PID:2676
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17053248767822103739,17016907497882328901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
            2⤵
              PID:1652
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17053248767822103739,17016907497882328901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
              2⤵
                PID:3460
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17053248767822103739,17016907497882328901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
                2⤵
                  PID:2352
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17053248767822103739,17016907497882328901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3108
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17053248767822103739,17016907497882328901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
                  2⤵
                    PID:4924
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17053248767822103739,17016907497882328901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
                    2⤵
                      PID:4716
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17053248767822103739,17016907497882328901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                      2⤵
                        PID:1084
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17053248767822103739,17016907497882328901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                        2⤵
                          PID:1980
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17053248767822103739,17016907497882328901,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5568 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4404
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:1680
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1200

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            cbec32729772aa6c576e97df4fef48f5

                            SHA1

                            6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

                            SHA256

                            d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

                            SHA512

                            425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            279e783b0129b64a8529800a88fbf1ee

                            SHA1

                            204c62ec8cef8467e5729cad52adae293178744f

                            SHA256

                            3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

                            SHA512

                            32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            180B

                            MD5

                            e75179806fdb60b3337e8cd5b04cd6cf

                            SHA1

                            434a695c7607996cc4d1a0698d9214afe4d9fd38

                            SHA256

                            a121c6f8b11a0682ab639049f50ef2a1b00b3a2a565d7686cc64f501056b7b19

                            SHA512

                            e1e2f888005696fb33453f369efda963c71c15270338db02d812a1ad503c1dfd2a0f693c3f6a02ca2abb7cad631524b0481141646353c7b39adf44b09bf8464f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            d4e00ca4d90ed409f17a5c68f354e200

                            SHA1

                            1dbb29045f23d99135a9421622ac0fe2b92a1451

                            SHA256

                            0b6eb6d3f1b73c8c2ff1889326c63abceab3ee5c83414a24e14e8172e460413e

                            SHA512

                            81ebaeaea17344bb89ca5632397c02099ca5874e5d6bf23d6393dc576b442d433f7a24afdc227e3dc7fa2befa7943cc7a8e684df75d1baf13290d09cb4e0be62

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            61092696999c06fa5c00496c4327c186

                            SHA1

                            3b1a01da1edd8e6203030ccd68d0c3e937ef7787

                            SHA256

                            25c8a56c1d71349a29ffc190e5316a25f713c5111cdb03e5ce3c21cd1d7c7f92

                            SHA512

                            6d40e8b0f0e8203346293f0aa0e50fc163c9d761cddabf3428908d495973bea6369c6c2d0b6f9eadb63f35654009aa17d40da930c6e37d9c59497a4be0cb81ef

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                            Filesize

                            370B

                            MD5

                            0db0e07003cf2bce523f1dca0268b3a4

                            SHA1

                            ae7502963553d2402862f0a001b33b27c4b9af54

                            SHA256

                            842bc52a3d6d12946f7039aeca6eca86accc7a550a87a14dae591c205839340c

                            SHA512

                            441f3bc72182adce3947b634e33bf190f8b55e1820e0bcae787962443cde05b1667539df08f45816ce697b618c242ea54eded9ebf8d8c7b2eda106884e1a1528

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a3f1.TMP
                            Filesize

                            372B

                            MD5

                            9c73cb5cd0d8a68a2f67b32cc13fbc64

                            SHA1

                            955fe2ecf6b818f1357c3cad6d7a061358e22889

                            SHA256

                            857c08f9ad547626a8f9d4d368654f47e4dcf2a318c56f32aa35a9e410579bbf

                            SHA512

                            253c71e9a6e674cbd9a0f6883b153fd3ba77e94cbab942231f0f70c2b60954ca977920b0e79002ae1ebf32647208c5d9f77cbd306e0ebfa59cf83b256e164ea7

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            12KB

                            MD5

                            24c76cbbdbf15882cdc1c0755497fe4b

                            SHA1

                            68a698f5771f189ee3965e26644aecdb07e9eab7

                            SHA256

                            5c5c0f46d84c923054f1e4d274d6511bf4434c9f29c813253e5ea477bde97af8

                            SHA512

                            96eec99bc04e243adb313ef61f54fce62381bbd8817649e38674916fa4ff0f74844c4cd042581c0a1424730743c253e93a657b06e2e33e6ee6870c1cfd0434f4

                            Download Submit