445fabb86c48017b4997520057de1c49a1e218ddc5b8d84ce9df6702dced0475

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 14:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c0de579318bed5c092eab2313206aa7e.html
Size

3.5MB
MD5

c0de579318bed5c092eab2313206aa7e
SHA1

d7a79516c081940201215f19982ca9186248c6de
SHA256

445fabb86c48017b4997520057de1c49a1e218ddc5b8d84ce9df6702dced0475
SHA512

15362e7bd3a88b649fe51af9a98daa61f5b3fa9784c811363c961eecc3be940aa77f483841b90443fee8a66c48c2980b37533c112ef3d45cbdb66e20286560e0
SSDEEP

12288:oLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nf5:ovpjte4tT6N5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4224	msedge.exe
4224	msedge.exe
2072	msedge.exe
2072	msedge.exe
2400	identity_helper.exe
2400	identity_helper.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 3528	2072	msedge.exe	88
PID 2072 wrote to memory of 3528	2072	msedge.exe	88
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 3252	2072	msedge.exe	89
PID 2072 wrote to memory of 4224	2072	msedge.exe	90
PID 2072 wrote to memory of 4224	2072	msedge.exe	90
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91
PID 2072 wrote to memory of 4856	2072	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0de579318bed5c092eab2313206aa7e.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffa387646f8,0x7ffa38764708,0x7ffa38764718
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,199918044841730074,11238095224611186303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,199918044841730074,11238095224611186303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,199918044841730074,11238095224611186303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,199918044841730074,11238095224611186303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,199918044841730074,11238095224611186303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,199918044841730074,11238095224611186303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,199918044841730074,11238095224611186303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,199918044841730074,11238095224611186303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,199918044841730074,11238095224611186303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,199918044841730074,11238095224611186303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,199918044841730074,11238095224611186303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,199918044841730074,11238095224611186303,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\935cb99e-3777-4a55-bf84-2c84129382ff.tmp

Filesize
11KB

MD5
8c68200a3e6c855720c09b97c33c5cf0

SHA1
a6b287606ac4447deed41212d3ebe80136b547d1

SHA256
57a276b99447dced8e151a29fc500871a90f10a23c84d2c7b9073f99a60bf6d4

SHA512
d10798371f72be46f178d6bb41aac1387984f25dd2ed106562fb29d7512c146af218bd6728f012d77ee473c9ad3f692e3295290835efad82390718597215c359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
981B

MD5
fc2b479668f224110e12676a815523c5

SHA1
2dceabbd16cc11fc963bae5e5a32211f93181e1d

SHA256
16a2dac673d8cf8687242a4c3e91e12db306e3274dc4f1432d1dc2a7fe046b3f

SHA512
ab2be98ba3e66e2fa95d304ae827efc61dd251a49267053e88d99aeec584c679d4116f80a7eedcabb45c1c53abfdd4b8a95d667530dde1cfa3d5f81303a64cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a0d4dc25097e9c06071b31fa99e6ad0

SHA1
bf5930367ee4f8152328e1b4b9d9a60c54eb5183

SHA256
61df8d8dc4323de454dd891adb2a5a193e4b1044ae15496e150f37c3c5ba372f

SHA512
33e630b07996ff7b54df0eb7ad065af1dcea5793b2562db151efe9e9d46d54b931833dffa2533a10fc2db77a68a73b3f7611cd10419a84d3dbe2511a7cba500e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19e2ed98ec3eef2964e9388d774d12dc

SHA1
ed79a321d43192f71da1280fc4d3e52ff6139b99

SHA256
c34122593ca8db982451e43305f04b4cf3ca7cdeeb88c4a43d509c539428c054

SHA512
35551cdfb123aa35439c207ad0996f9caa9c72a15cb661bd5a4c5e1bcd68cf189a4d64059fdbafff2dcc113816c753e081bdc9efb93d20bd6b23563eddd56307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit