036bfa25ea040bf22bb7b2164a7d0331b7c332d4b2075c7c605e5ab99f1d67db

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 06:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2b05f9522131e64f63cc94bce4fb91b.html
Size

43KB
MD5

c2b05f9522131e64f63cc94bce4fb91b
SHA1

4f04cfd3f95a55f2e578572091a09fb6eb746a89
SHA256

036bfa25ea040bf22bb7b2164a7d0331b7c332d4b2075c7c605e5ab99f1d67db
SHA512

986cbca8774a626df4a9af372a8bbf031e08868e8df5ceb3d09d17df1890591e9c9a8ff25f3f0fc3232a31492fa8e454e08d4ff46c5a7be190df037556505def
SSDEEP

768:vJBNgWuHNOACfK+XNXXbQgTGV5DjVfZSS1XjQsPtt8urQH6kxV6UXKG1y+7BGu5W:vZCfurEe8cvWUqTAJy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1960	msedge.exe
1960	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4308	identity_helper.exe
4308	identity_helper.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe
4480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 2164	4480	msedge.exe	88
PID 4480 wrote to memory of 2164	4480	msedge.exe	88
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 4736	4480	msedge.exe	89
PID 4480 wrote to memory of 1960	4480	msedge.exe	90
PID 4480 wrote to memory of 1960	4480	msedge.exe	90
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91
PID 4480 wrote to memory of 2328	4480	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2b05f9522131e64f63cc94bce4fb91b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb31f46f8,0x7ffbb31f4708,0x7ffbb31f4718
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,7602837189671272078,6041487275421573313,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88824b6907c160a1adc9dac0f9fab366

SHA1
092151a607b3e0a1cebd2dec9db245ac90fba4d6

SHA256
acd1747fef8bd790428533ddb13759242aca1474f2a694056a8a07ea25279ddb

SHA512
0cff4a36446b5f4307e4b48fbe4e6194c865359da3ea0f55481356aa17895cf4d6e8b96e71e0f044d30b389963143889af1783d3fbcb436d87e418a8ce0c165d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dae203c053ce32a4ec9d19e57ea0f1c2

SHA1
14a3c80bcf8581637df2c757f2087c810b278980

SHA256
0032b3bf2ee2a7811b9b8563e3fb16352bc3b903ac477587990e96e1da59efee

SHA512
9ba13d2ce15425b5dbc47e68dde944a2f2364f0e78e3a56bd57e2c5aa039eb04c22ef3a12f5e568ee568d4ddaeb1946d7a5363795b5030e02a5cafdf386aec7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9cf565933a25242c70385f81181e78f3

SHA1
8e7ae6d63fd6d2a0a82a0fffa16d1b0c89294753

SHA256
58afd332141767ec95602aaae1bbe0b6685aa39a63712da7cfbe079f346b8837

SHA512
6765c0490c93d18df1602bb16a5983e46f4590460a000af425b43956470acf69208cf9bce3f1e45b6b7fa73ddc6bfac15e8f6efffee9ed49c7e41b060f954da1

Download Submit