9e77f505aafd6c36bc7b53c20b2f27c4791fb53b3d372a6efdb2ad0a5ffe4511

Analysis

max time kernel
146s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

office_c2r_links.html
Size

1.9MB
MD5

025d9193419034895115124ce3ac3641
SHA1

662cc5c4e2eb50a74cb386e37b5dc50784d58c2e
SHA256

9e77f505aafd6c36bc7b53c20b2f27c4791fb53b3d372a6efdb2ad0a5ffe4511
SHA512

ef10f98113e401e376af66a5de535911bf3daf229f1bd8886c70313ae08a3f99c824abc984d2e43477b905569840105064a7c1541831b5ecba4db2c4d2649c71
SSDEEP

3072:Ebox6HjWKKG3uepu8Os01FvEW0COl1o01k1TDMnM+YawoZ1J1Ng595NiGnvTzufK:EbU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{86895BB2-3C77-4289-A56E-8DF8D932A622}	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3316 wrote to memory of 3224	3316	msedge.exe	117
PID 3316 wrote to memory of 3224	3316	msedge.exe	117
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3356	3316	msedge.exe	118
PID 3316 wrote to memory of 3716	3316	msedge.exe	119
PID 3316 wrote to memory of 3716	3316	msedge.exe	119
PID 3316 wrote to memory of 2024	3316	msedge.exe	120
PID 3316 wrote to memory of 2024	3316	msedge.exe	120
PID 3316 wrote to memory of 2024	3316	msedge.exe	120
PID 3316 wrote to memory of 2024	3316	msedge.exe	120
PID 3316 wrote to memory of 2024	3316	msedge.exe	120
PID 3316 wrote to memory of 2024	3316	msedge.exe	120
PID 3316 wrote to memory of 2024	3316	msedge.exe	120
PID 3316 wrote to memory of 2024	3316	msedge.exe	120
PID 3316 wrote to memory of 2024	3316	msedge.exe	120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\office_c2r_links.html
1⤵
PID:2828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4788 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4832 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5788 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3552 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3860 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2120 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7ffcb9082e98,0x7ffcb9082ea4,0x7ffcb9082eb0
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2228 --field-trial-handle=2240,i,6941331710540474764,2704162067542112193,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2520 --field-trial-handle=2240,i,6941331710540474764,2704162067542112193,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3372 --field-trial-handle=2240,i,6941331710540474764,2704162067542112193,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4420 --field-trial-handle=2240,i,6941331710540474764,2704162067542112193,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4420 --field-trial-handle=2240,i,6941331710540474764,2704162067542112193,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4488 --field-trial-handle=2240,i,6941331710540474764,2704162067542112193,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4616 --field-trial-handle=2240,i,6941331710540474764,2704162067542112193,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4488 --field-trial-handle=2240,i,6941331710540474764,2704162067542112193,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
98769888dcaaf285f2dc83b6103c8e97

SHA1
c497d711e19a276daecff2edc7295a588170a183

SHA256
d1ba87277a5d46ce02c972160429a2670e917c3bdb48836b8567e45aa635685a

SHA512
2c3f809e5a027bd90f39887291dfd2e72291a5069771b1e52d3e7caeb9e6e56aa2873e31eba15bc733acde09857d2d2b6a22fdb4df75dd42c63768fc148eb709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e134be6f8fed09294f0ff2421f480126

SHA1
fc2c7eb077efda322e83176ac286f8746c3d615b

SHA256
9e8395613813c40c843a7563ee7abd65cb3fbd9ead614c157cd14532861d0c13

SHA512
40421163a529643ba939678087c86632eeb4a6a54667384a067e0fa9ce6ab53745b168ecb76f2499269f33e61899fc4cccf2a5bb76e2f0b4a7e7a3fce06aaa7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
ca2769497748d84feb612d8644e75877

SHA1
50a60da057d2be6a6335af8fd2136c2370c2dcd9

SHA256
2c6af0701fe866cc9d9ef661b31b250b488b77a6f6d135fd4e1ec8a41957bf60

SHA512
76f6091f3ae5057f8ef13f25217d424813e4968e2545b6dd75120d67363b4d512e20d0d9cb48948e815e7c227ae6cbbeaaa6c90cd4c7ce646e9148ad1bc6c09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
67KB

MD5
ee666016e8bce91bdfe60cb02f37b54b

SHA1
2b4fca1571c83c541cacc5320e4107099578e774

SHA256
d50dce9e8cbb5e4de3afa426009adf8ac4a3b8849ce3d03716e442893dbd934f

SHA512
a060990d292f03a79fc95b27f345f65881a8ca7fafc43559d93899542bb3d1d4300173e50820b11856df536c2dd4af703f19dcdd669c036c3ecaa77f1f0329d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
57KB

MD5
11aa656496e8937d44815c479a19dd02

SHA1
51daa1be1b50ec9eb65f8ddf96136923020a7570

SHA256
32a5e16bbc0f52f45e1c44edb0cf713b99ffdcf2c60646f57fef82cf40dd9e2e

SHA512
dcb2a2e026a2d42d9fc1b865fe6f14afd04feab2b1f77eb4771b2831b16fa0cdc56386b425822b5d43d43c6cfe23acacfdefdef2f44f9052565ceb719a3df461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
4bccd9babf3c0f356fa47e76782eb2a5

SHA1
42b79c9da1e4b19cecf96da514cc2b4e8b186713

SHA256
eab6da4908abb11644d4f144eb8ccec20d18e6a92a8593b9c341c28033af2e0d

SHA512
081bd5d4c3fdcfbdf84769c687dc7fe1b0eb82a7f5261725611556e22d195074bcf13317fc342c92c7d660146eda89139cc84787c1daab61d38025dd31dc41b3

Download Submit