Overview

overview

1

Static

static

1

bfc16809ab...6.html

windows7-x64

1

bfc16809ab...6.html

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 03:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bfc16809ab8b143b67baa1032f017ba6.html

  • Size

    1KB

  • MD5

    bfc16809ab8b143b67baa1032f017ba6

  • SHA1

    94564307dd787d365c1308cf7b58461335fa63e4

  • SHA256

    c2f19420145d084784694098da4cc1510ddc041fa687edde2a8c5d47226c95e8

  • SHA512

    4a33b02bb8abf7355add6169ec9940519df65e1627e89b4cf67cceb21a6b95ba1dc289e2d9f1b5bac48fbbad984248ea39b5880bfad903a2ea258067ec4f5ddc

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bfc16809ab8b143b67baa1032f017ba6.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3524
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe134046f8,0x7ffe13404708,0x7ffe13404718
      2⤵
        PID:2472
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8854123654758320762,15445447961720560733,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        2⤵
          PID:2080
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8854123654758320762,15445447961720560733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2712
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8854123654758320762,15445447961720560733,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
          2⤵
            PID:3564
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8854123654758320762,15445447961720560733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
            2⤵
              PID:312
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8854123654758320762,15445447961720560733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:3116
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8854123654758320762,15445447961720560733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
                2⤵
                  PID:1344
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8854123654758320762,15445447961720560733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4932
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8854123654758320762,15445447961720560733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
                  2⤵
                    PID:4892
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8854123654758320762,15445447961720560733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                    2⤵
                      PID:3604
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8854123654758320762,15445447961720560733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                      2⤵
                        PID:2108
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8854123654758320762,15445447961720560733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
                        2⤵
                          PID:3932
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8854123654758320762,15445447961720560733,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5228 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2088
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4400
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4152
                          • C:\Windows\system32\rundll32.exe
                            "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
                            1⤵
                              PID:2924
                            • C:\Windows\System32\svchost.exe
                              C:\Windows\System32\svchost.exe -k UnistackSvcGroup
                              1⤵
                              • Suspicious use of AdjustPrivilegeToken
                              PID:3712

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              cbec32729772aa6c576e97df4fef48f5

                              SHA1

                              6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

                              SHA256

                              d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

                              SHA512

                              425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              279e783b0129b64a8529800a88fbf1ee

                              SHA1

                              204c62ec8cef8467e5729cad52adae293178744f

                              SHA256

                              3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

                              SHA512

                              32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              d0c951a597987e18cfa4638feb48c7f6

                              SHA1

                              8c44cab2ca9e2b565ec444ae4002dba9a028f15d

                              SHA256

                              3fce5c42de763634eb497c0b7e49c00ab4230ee22ef60a35e6b4b5064840e10f

                              SHA512

                              7c61350a46a7604291ccf9024b212698519420e57b3c379293aeed0baf159dc05e1f407772fdb160cc43c1604c50de4728aa2296cd949581f52a9cf09b0ef346

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              db6cf110d7d490b91d48d76e0e4b9250

                              SHA1

                              217b329c180528796ee681f9e9b18d8f9f28bfc8

                              SHA256

                              ae56933690d07f6043a0db9e6cabd42839401ad910de883a053d49131bc76ccf

                              SHA512

                              96053bf909684e897e4dee8152d63457c317b6f417f97ab95873f84964fc9098d8d329db2186568d9c46b5155e7d09093ef877067fce650b6ab1757e38c01f8c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              12KB

                              MD5

                              0530cec3de3ed997e9ee24f063db4813

                              SHA1

                              85e1395813360b31e9552d2854c142978c119d2e

                              SHA256

                              ce6c4138d440909f86feb4af5049714f95bdd15fca97f5f9fd30a5caa93a2457

                              SHA512

                              5e91e9c1fc928a9c72a3bec752409f5cba3082eb87b4a3b8a873e4470a69b897aeb1cec7db8b8ddd45bd4d113194cf1f1a1f07923968f23f62ac6f57f28f8c92

                              Download Submit

                            • memory/3712-127-0x000002BB68FC0000-0x000002BB68FC1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-131-0x000002BB68FC0000-0x000002BB68FC1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-122-0x000002BB68F90000-0x000002BB68F91000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-123-0x000002BB68FC0000-0x000002BB68FC1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-124-0x000002BB68FC0000-0x000002BB68FC1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-125-0x000002BB68FC0000-0x000002BB68FC1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-126-0x000002BB68FC0000-0x000002BB68FC1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-90-0x000002BB609A0000-0x000002BB609B0000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/3712-128-0x000002BB68FC0000-0x000002BB68FC1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-129-0x000002BB68FC0000-0x000002BB68FC1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-130-0x000002BB68FC0000-0x000002BB68FC1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-106-0x000002BB60AA0000-0x000002BB60AB0000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/3712-132-0x000002BB68FC0000-0x000002BB68FC1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-133-0x000002BB68CE0000-0x000002BB68CE1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-134-0x000002BB68CD0000-0x000002BB68CD1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-136-0x000002BB68CE0000-0x000002BB68CE1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-139-0x000002BB68CD0000-0x000002BB68CD1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-142-0x000002BB68C10000-0x000002BB68C11000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-154-0x000002BB68E10000-0x000002BB68E11000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-156-0x000002BB68E20000-0x000002BB68E21000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-157-0x000002BB68E20000-0x000002BB68E21000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3712-158-0x000002BB68F30000-0x000002BB68F31000-memory.dmp

                              Filesize

                              4KB

                              Download