c02c98bf338d271e7fa7732803ec00e6d38e9ea512975fbfa4336147e6e2d834

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c75c6faee04edf5ef918c885411ab70c.html
Size

21KB
MD5

c75c6faee04edf5ef918c885411ab70c
SHA1

a069d44a4e3bf77b119557f08341bcce3c9228e5
SHA256

c02c98bf338d271e7fa7732803ec00e6d38e9ea512975fbfa4336147e6e2d834
SHA512

394a9ef18037b41865c9e19b51a611ceda7ff5dee0f7b37e2cf546461772d9cf0a66de67ab7cf4ad836a06c1a3beffeb66d0a9537d314ef6b3c96b92866a860f
SSDEEP

192:I28ietW+1mqTD32kMeN6hWbZzgH5zKTe70U6hWbZzgH5zKTe7bwn2A2wEc9Hev+J:MtytHVKTeytHVKTefpmrzYK+qr6U

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1256	msedge.exe
1256	msedge.exe
3980	msedge.exe
3980	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe
3552	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3980 wrote to memory of 2784	3980	msedge.exe	87
PID 3980 wrote to memory of 2784	3980	msedge.exe	87
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 228	3980	msedge.exe	92
PID 3980 wrote to memory of 1256	3980	msedge.exe	93
PID 3980 wrote to memory of 1256	3980	msedge.exe	93
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94
PID 3980 wrote to memory of 3196	3980	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c75c6faee04edf5ef918c885411ab70c.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdf3346f8,0x7ffcdf334708,0x7ffcdf334718
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2014558679787094304,13217958888770591916,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,2014558679787094304,13217958888770591916,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,2014558679787094304,13217958888770591916,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2014558679787094304,13217958888770591916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2014558679787094304,13217958888770591916,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2014558679787094304,13217958888770591916,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
468B

MD5
7c3f8848dddecc2de159278de6232c29

SHA1
bca10076c4d1ae01bdde2fbba53c60d2289f8030

SHA256
ca773da7f8731afb34cb1d06ba774927a3df4f9ff00b0aee16cd00865078de33

SHA512
26121bb9db5c8c7ff71b11e704957c31040b80a3e507e113731a7eb94953ba6281abb87ead324a67374a9a21be3bdd064d68647e26f416e37badcbb94759e8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e8cb6f935ffb7cc84ee16a821337fc4

SHA1
40e33799c91cf36dff3da724a9c06376a9ff8311

SHA256
058a3df49cbd0f331b59fdbdf27619ec396d70aae7a87e51a65190cebc69cb83

SHA512
a1a441423181737625fced137f37311f11fe72b2111fc9771dfc576d3844ddd63c272916c2b92032357400339b0a837943df44777dadb915c210720820fa359a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3851146dc00e78ebcdc26130509b7f02

SHA1
02afae50e95a721befe7653605a66541c06b8e73

SHA256
f683edd1ff2920b77ed666e620a4f00dfbb44869dea4aed0dc6efcdaa4f87e3f

SHA512
3dbe8abfbc0beceb15a8f1239a0b5b25373f112e5cc9ae0d1f85a38533623e79b051cef3eb66e4e254b43d2e32263b61cf8e9beeefaa069d15b65de4d59ffe87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f1c4b49e1edb9f06d48e9af865d6034

SHA1
e8216ca99a657766bf857fadc0dbdafe86353916

SHA256
3798e896746a215c24ce357743371ba71b30f936904da71058468180191eb21e

SHA512
deefd8f474e5bdc0227e3f5ba81dbbe3dabe92e6758d41d31adf109009a3ca7767577091f8255ca27d37e18d4fb99c5f4ef0ad80423ad0afa5fefc2ed079875a

Download Submit