3212700471128c00c9448d13c6d3b93c7c3cf322c5f897e4dfbed9dedc1227c8

Analysis

max time kernel
154s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 21:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6f00e8a723c37580e4d8994112c9dc7.html
Size

54KB
MD5

c6f00e8a723c37580e4d8994112c9dc7
SHA1

864c03da34718664ba977c59f904c0d8a9201243
SHA256

3212700471128c00c9448d13c6d3b93c7c3cf322c5f897e4dfbed9dedc1227c8
SHA512

3f4c7a81fa5d39b7f2dcffef121616490f9b2629cc6e1a77a3111f4d274c700929788d6ba256b0d300deee82c4bb3a808768c036d7abd4081a46530227471925
SSDEEP

1536:/7n8d6w+bFePQUz1KqxM/hYYr5kYyw+7UnGxTOEmxYRM:ZhbFePQUz1k/hR5ke+Y5xYRM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1140	msedge.exe
1140	msedge.exe
2784	msedge.exe
2784	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe
2784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 852	2784	msedge.exe	87
PID 2784 wrote to memory of 852	2784	msedge.exe	87
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 4104	2784	msedge.exe	88
PID 2784 wrote to memory of 1140	2784	msedge.exe	89
PID 2784 wrote to memory of 1140	2784	msedge.exe	89
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90
PID 2784 wrote to memory of 1004	2784	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c6f00e8a723c37580e4d8994112c9dc7.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aafa46f8,0x7ff9aafa4708,0x7ff9aafa4718
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,58205319283633987,7297148783321141342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,58205319283633987,7297148783321141342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,58205319283633987,7297148783321141342,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,58205319283633987,7297148783321141342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,58205319283633987,7297148783321141342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,58205319283633987,7297148783321141342,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,58205319283633987,7297148783321141342,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
8ea54955be4a317e857e1c8e40af5ddd

SHA1
83d2a8d7b1e7782cee24623be5c5fe6b3df3e293

SHA256
3dc186bf9b2156b37a87ff01c9f38ea8fe6105716d0a54235a2d682f4c7faba7

SHA512
3d10945f5c970b9041d601c3bb222663050957ff3839337677168416fd9a5e3c87ad118e0111f346b5d967775a698d389d449323d71fdf8ffff74ac7e6c69534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1023B

MD5
2cefef070550cb1c7f78a1fde831cf15

SHA1
26a836111a42c4e18bacae8382ce6efeb20362c6

SHA256
8e1b26148dee09adef0c1dafaf4098b48524afea5cb0d0ffd58a319518172d0b

SHA512
3e75bf98c03ea064314f9589fcb752bfc619470722ea83446c76e4c65bad11051c1924b7e88f784f32dffd3ff5380a056ef1347c787ff55b247fd90c908e704d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f92203980d1147c6d2d3bc03ee4e9f7c

SHA1
2d663c7cc30b2c4690b72b74940f94b84efe8b59

SHA256
62ac70714cfe90b4d308d05366af02f63f7946af40434248bc5c643d777cf93c

SHA512
fd62b1e9b7b921ef345f8960e778eb192b7434835c84751edd25408334bed6f5cb5bd7c32571de093f53b578fadeadf8cb39e6e65eb05a83f0de36f07997452f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22498f7132aaf1248e967c9d35a34315

SHA1
92c1c0722e0b5973d91e4e8b39bfd37c3615b15a

SHA256
d46b36a6f82ab1ce5099f7bc286fe0952092703993fd2bd5c1a118ac33ee81e3

SHA512
e7426a9689f177cf8078991cb3edb5b5c7112692eed5673ee0c42b9b448d70c1a6494b5b619f77f175c77f766118ac4c49b47aa403d66403f7b5c26dedfb1634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee3ee0e5c3f24aec43731c61f73b5e9d

SHA1
4cfcb158e91abf07875f6c3b25879d3e848fc28d

SHA256
d5ece340c803ac5109a14eb883c421c846066d1d7958557366bb13b6ba670f37

SHA512
17b4d148eb67da109bb5d6e6d7a4c1dbff1ebab57a3aee87789c957fbae8c246c49592de59027a599bebe8f1b7bf9b93d55b3cb82b6fb688f19b1af23d272a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9cd952ae67c734a61d15bd2b9e0c71f8

SHA1
2c2ba8b308957ac312a0b7b3c63df8b778bf60e8

SHA256
b3d8d5819293c5f6bce1f684b2a51d6aeda52ce8aa987395d8b57a4b0db4b51a

SHA512
d6616b6dcc4060f0c171985506a76ff40ab00bd035fa6b32b6524e6b5e3a45208fef45885cfa10dd8c833d0ad0b86285649cdc67d634126abb1796cc42f6f48a

Download Submit