dd7b86a2b2ccc5a5fd9e3c38c6ec252a963e505c8eccc240add951f992268644

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0a703e4c0efe229d001b7b4f5d6fa93.html
Size

10KB
MD5

c0a703e4c0efe229d001b7b4f5d6fa93
SHA1

4f67a53151949fd4ad9f070c1e00330555e29207
SHA256

dd7b86a2b2ccc5a5fd9e3c38c6ec252a963e505c8eccc240add951f992268644
SHA512

3d49c04792b4d66e77e9a8f0550d67aa0ac1548ee80ff52d7328b0d94e8d94cbed7bb52a597511048c0f34a08e036a9bb7e5b74eee662c02ef5525792a1684ca
SSDEEP

192:2VhlIsr032L8k/w1whqJk1qBSpnnawTPt01y5uBuLbdU8d:shlIcu2d/g6qBSpnnawTPt0y5guLZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
2448	msedge.exe
2448	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2920	2448	msedge.exe	88
PID 2448 wrote to memory of 2920	2448	msedge.exe	88
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 1080	2448	msedge.exe	89
PID 2448 wrote to memory of 4812	2448	msedge.exe	90
PID 2448 wrote to memory of 4812	2448	msedge.exe	90
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91
PID 2448 wrote to memory of 3376	2448	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0a703e4c0efe229d001b7b4f5d6fa93.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbca246f8,0x7ffdbca24708,0x7ffdbca24718
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3825248447509816423,7256209007895023866,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,3825248447509816423,7256209007895023866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,3825248447509816423,7256209007895023866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3825248447509816423,7256209007895023866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3825248447509816423,7256209007895023866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,3825248447509816423,7256209007895023866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,3825248447509816423,7256209007895023866,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b9f40dd2c9be790ba9491652e29960bd

SHA1
fdb03f78bce3ca67a9620cf266899bec769a2a9e

SHA256
ff4b78fa03599434ed3c6fb5374bf32532fa0e7f8bb28f3fe2598ec8dfef4a05

SHA512
7f081b1446730894198cb33081d2df789b74a9ed67eec1b810520d51ec7ef26acb75f5f565647b84c8d49f90f989c5b11d4e65186051ab667fe042731c1bbfe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f79c136175b1ed69aff26af248e88579

SHA1
d8b1810a6309728ad9ed1bd2b413aeb250f31d4b

SHA256
a816fe61d29df334624652ee2b27561a0f823fb369178899bf09ca4cc74a4395

SHA512
b4e6686017c0fcdb29813b91f0458a2a8cefd214c048fe5f9b6a12b999e100161156843e370802035acca8ed5fbba275309e63cb785a828d0f5c80c2e7cf1656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84e9c82d01d11d57f55b3af20f06f8a4

SHA1
5f3cb655e916f6a8ff1d0b000cadee636737062f

SHA256
75c7a508c0c7e13d83d5a52732abf1ea83f9aef7092a3ff59cec8bd5628e054c

SHA512
e2407e860f8fb34a78093161e516e288ed4b3e9128708403a0b1d009252fc7093934c6219deccefccacc25c58dd67d9be3b37da559733d7851f1ba74df9587b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7a2f282f0580be3f97ea0d7b4bdc8166

SHA1
ebe142b8831d6a39495ccf19ce64044c29313d4c

SHA256
cf6994be026bb9b42fc417a44d6086476cdb0c4dae56afaa6fdd97ddbec16288

SHA512
4c1e16d591348f3bf91cdb0db87ee1efa700bdaa9cb381f8a406ae57df1c31210298c13505ff0c6947e9c2c71829ae256f90a2181b7b1ec44b73724921217673

Download Submit