9e468f5797420cf8b3bbfebacbd2b64837174a1fbdd5ff2e21639b6674294400

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3a4d8d2b2a45aa370eb9d7db490f8d7.html
Size

64KB
MD5

c3a4d8d2b2a45aa370eb9d7db490f8d7
SHA1

a808dcaca43f19ed398f90ee4f85066440e5a8af
SHA256

9e468f5797420cf8b3bbfebacbd2b64837174a1fbdd5ff2e21639b6674294400
SHA512

fde14a2865250ce10212b8f4aa972c2844c5d4a8846306196d0899535fa7e949ab43642a1f0d8874b6609010c0d4a2b43f8725f206c8708a6fff0a95cec145c1
SSDEEP

1536:K9tmNsDPmLjDKr8cNMd2l6PUWt6/ERwJtQ8EFogPkrDz4C+kBKy7owaTKR4/TCJC:K/mNs4KZNM14ERwJtQ8EFJPkrDz4CjBW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
4968	msedge.exe
4968	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 4628	4968	msedge.exe	84
PID 4968 wrote to memory of 4628	4968	msedge.exe	84
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 4024	4968	msedge.exe	85
PID 4968 wrote to memory of 1384	4968	msedge.exe	86
PID 4968 wrote to memory of 1384	4968	msedge.exe	86
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87
PID 4968 wrote to memory of 1580	4968	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c3a4d8d2b2a45aa370eb9d7db490f8d7.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc71546f8,0x7ffcc7154708,0x7ffcc7154718
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,18064815786791633888,1444342474036424374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,18064815786791633888,1444342474036424374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,18064815786791633888,1444342474036424374,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,18064815786791633888,1444342474036424374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,18064815786791633888,1444342474036424374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,18064815786791633888,1444342474036424374,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6680 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
34KB

MD5
8c91894fd272a1dfd4a217aaf99c563c

SHA1
040b39490edeb78d79d05731963c564642fa0b6f

SHA256
ade54c249722b24c1b74b20616c656cb79f3932386e6da33d24331e4180cac23

SHA512
223901cc562d36501f5c6fa3f44109f3ad46e70a5027a89f8fba32f0f2896d38b91fae981493a64ac454cb0f995a671ca95ea88236f20efeb884537d1e778d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
31KB

MD5
e28810ab86d70c99fbcc5f5032b2a52f

SHA1
fbb2f60a0ce8daccaa42471fd4dc0407c7621bf9

SHA256
d3ef6477e5c3538187555c27eed5cef1379d845e895ec33c7155f6debf0005c4

SHA512
8b4d5d769491d508a02da7c7cc48b4d0a6355e7efaaba2857fb245c49efd071f28d07db1d2358f2cbb9467395ba0101b5e3b66a2c2f816d41e257f864d2fc941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
22KB

MD5
285e8a7eaeb76cf4976a5b0a5d3de0e1

SHA1
27b87d71144a8cb026ce1b7462e8d6a653094286

SHA256
35894c2514dbef840c8bf943dcfb44a021f98e6fc73b309ad130acefb6bee749

SHA512
0eb1e65d5a166f60a3ae1b6878bab42f6ec9b67fc142f9b9230e299fecfc0c544c26d3d4a405a11f3c7fcec298aa0b782cf0eaf5d28fde5efaff5b2e9e40ffb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
24KB

MD5
f94f3b839a981da8c605f55ea48c8b10

SHA1
7393ca5d10366b13597191b8e33e0fbb6d455425

SHA256
c2cd175a2f4f5a6ae55ae1bb0069e595782cc4e8a01da0a3af813c5e30f8f94e

SHA512
8b1e57642ab2b7e653fbe69c2aad17bc46525280ea14310317f57d3391d9cebaa0614851a5416360915b3dd38025529dbcc769fb4f9247c838108375a0004246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
32KB

MD5
ca2b85950e50281e194565f04c8ffb33

SHA1
f0538f741f91d284f8ee6de3a4a13d54bd737ba7

SHA256
3481a60cd5a4dc0d369e1e773fcd44702fe5bcea661d612215e87799891951df

SHA512
d7482d7b428f3e44d098aac4f32ba7b4088821a335fe2dad223b1d690c3cf50860375ea060d3316dafacd8b0c16c87720c6f742fb6656e21f3f24dcc27845e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
53KB

MD5
c02405b3434d3859d6c9fee12ab6801e

SHA1
00c1cc5c3e59393e14e35029f1873dd6c611f275

SHA256
0975b5e6b8fbe20d9ba6a77575beb41fdc399d01ebd857bdf27b11fd6dd057a4

SHA512
9c3d83ec562a428c8d245768f57423b776fc96178107cd53a2839c2104773fc34df73a213344b2351837c2063adb622d9d2a9143ea94bed96262f294e90f883b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
20KB

MD5
daa3adfadabd98a4e05c72fbf042d3bb

SHA1
4cfdef46d2e57538f34a4748ca1d880713246dd5

SHA256
5200dfbdd1409d544a045f92149be50f300877c7e4648695ca5a00be988ba455

SHA512
547efb46855500e052b6db2e093d742d62486a33d14aa99398376db00447e11d7190b5c8badbfe80d3cfd8b0fa8883ce2a7bdd93a1f2a094578de520635766b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
744B

MD5
38f92624a28217c272d1977967979015

SHA1
b2174200f899d133f4a0cbc87668923b9ca1f73d

SHA256
9c5d8a87ec6108abeeaf925ad0584ed544759f63a96d4c5f04072b9c78626a26

SHA512
f16540676bc010958f8e7e321e922684c772aa0a5a2553b1c15c11ee72345d0b9b8d691b36f10f76fb2913ac44e71d4106705384ab9f18267f79e53f9d57c8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
07a19095fe1ded38011a25aba9f013ff

SHA1
ccf10721b035ce74e25ba415c30fe15a85fbd75d

SHA256
c5092ab0a65ea4515f6698553b91e8fa679e0dfcb6c092f9ccab6565f6ca6a53

SHA512
643e1f0848080153f655c7ce186432d52ee0277f0a55728c39a387d7b46cfdbf7aa3097f8d0db301d14cc9d0fe3684261e7eb9b3417f822dadfadd246c0f73c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5bda1ec2f4f21f44a27b85ae9d5ef9ef

SHA1
620456a60844d3cdc857194fff3ca5c0bd5b6fe4

SHA256
9d05ef4063588496c1106a52bf5942a1756ea0c8228e07dfe5e7349fc75a3fb1

SHA512
a33f0944e50340badbd7289414a95bda551186a658939aaa0a597d5d640292e8723d882d2194cbe51ed913be85f8b0fa7429a2968b9e80e116b4d1ecc2e1003c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d3e645b0860bf2b13c7971b28d82c6db

SHA1
4b79a0e068c46aeb156dc80bda3416255a9971ef

SHA256
17914c5679d5fb712b99c21098a2895460c543946943f3716cda6d958261ee09

SHA512
5b22c52111dfadeba0538a7a3d8d43925fad8312986ec02d27cf74ff3309a3d14583a2774a4d46c9266cd659be6f53fa3acd2efccdcabb180a4ce8aeed19f361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c47bd284f606721caab5465d56c2e81c

SHA1
4431c463d15f09f8e77d651769b791597157a162

SHA256
87933656e358a99733c2375365fad4579320477b7fb1a8b1fb71b13aab4904ce

SHA512
81f2a8eb8ac0110e9bef4a2e4f9d0623cc725f870f0c8d648a55a1b37a26c7d3807caee6d8f9f471c992e34fa75a6a4a9a9d957ff7f0cb1312ced03a3b76d96a

Download Submit