4e5747adf6fbb651c7b9ba5b4b7eaca10b4affcb964dc2475a09fbf22592087c

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 10:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c31822bc1e3058c6e370d70b84cc67e1.html
Size

3.5MB
MD5

c31822bc1e3058c6e370d70b84cc67e1
SHA1

28045734c2ca10186f94feaf1807e852a6cc2e58
SHA256

4e5747adf6fbb651c7b9ba5b4b7eaca10b4affcb964dc2475a09fbf22592087c
SHA512

0f1d34fb25d3ec72af1c68de935ba0bc443f829ccb46c3f6e7a4b6d2565ae68a58a8db9d25bc4be47f07f3939e5b38a6637a90d78f0ce0a407af5556a367d0c2
SSDEEP

12288:jLZhBE6ffVfitmg11tmg1P16bf7axluxOT6NAN:jvQjte4tT62N

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
836	msedge.exe
836	msedge.exe
4944	identity_helper.exe
4944	identity_helper.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 4108	836	msedge.exe	87
PID 836 wrote to memory of 4108	836	msedge.exe	87
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 2828	836	msedge.exe	88
PID 836 wrote to memory of 4788	836	msedge.exe	89
PID 836 wrote to memory of 4788	836	msedge.exe	89
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90
PID 836 wrote to memory of 968	836	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c31822bc1e3058c6e370d70b84cc67e1.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3a8046f8,0x7fff3a804708,0x7fff3a804718
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8970852110917995111,2642016535044822322,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8970852110917995111,2642016535044822322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,8970852110917995111,2642016535044822322,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8970852110917995111,2642016535044822322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8970852110917995111,2642016535044822322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8970852110917995111,2642016535044822322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8970852110917995111,2642016535044822322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8970852110917995111,2642016535044822322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8970852110917995111,2642016535044822322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8970852110917995111,2642016535044822322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8970852110917995111,2642016535044822322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8970852110917995111,2642016535044822322,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
981B

MD5
339a94266056b2e57c2b04c9e4843e0f

SHA1
08a4298c4977182c5f3dcd90dca286872540285b

SHA256
df7980434114a091014d3edebc605fb1757f90cfd293e33cdfc7959d7c7181e8

SHA512
8463d022a1db8561e2ab03cd7e3f3c17c84ccf9ccda3859edd025a204c29d6813ced248df2c3320c9d92c76705bf2122d5749cc759c9a942ba80247a7ad222f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc3d1e5cfd358c1ef8da84cd7e5ea8d2

SHA1
82c4e5122caa65322ba8cf3c05b03679efbd417b

SHA256
d8bd6ce5f7631fa8c761d8cec7bf009d4072c94340db26f391c46d9509dd8f57

SHA512
92395036469427d430252271bf55abda6b7eeb8169279cc21dc5635b99953b93556a8ab2f8eff962cde6b01a90b1ba1f6d68a89878d489d0285fcb3f8ca224e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1fca46f7cb9f1c81da8c120027e96d9

SHA1
9b660d92e0ce2cf04f28c5d4f33509c8c0c360b8

SHA256
8475dbf09648ceb0b52ed7aec2fa08d388cb161131a686b1075d861cbf6a7f29

SHA512
a1a746da4562cd8d1a552a662bf95fecf317d836768d86c16e057f134c30e07f9a34afac090f8e2139b8175979bf252b7dddc0bc86314ed56663445febab38c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b4b7fb99945caf7a59d72b856ac28bab

SHA1
5868a55901bbbdd58aec2b9e7f05da1a824fcc10

SHA256
fbaee66b0b678e9240136cecfb51fad6c861be05051da13ce6018570cb4743f8

SHA512
55d7a46451317d3ac402ee0650a19ec48f16291908681a33fdb6c1bf9bcd3150fca47a4ef99c47a288f050b490406789b69ebdb0e133715201f9efc0f99af4f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b74de20663d5c8d5e99bf3d1aa611497

SHA1
c2b8bd4b65a30bc4673f1916d56691b38dce48e0

SHA256
c6a9e703bb3189d640bef2b105572553edf9e2b6a6ab430c8dbee2f2fad6d70e

SHA512
8e43a4cf568b45c07f19f8d0122865e8b74a10ab92a140104fdd19a96a5868756e27a50a50da2085aad39c701a24c1f478b50cb6cf41b02aff95d5f4c1cbf888

Download Submit