474d6fe61dcacdeecf79325db052e41ced16b59a5a81d460d25f67462c15a9c5

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

406KB
MD5

7525079aba0b7a8f0651bddbf44c1ac3
SHA1

9070abe35175fe07e35ffeb2708bc4d9f673ba02
SHA256

2e5e157dcc0e505fbfe4c19bb018656b615bbaf9a517564dc1467fa5dae70b00
SHA512

3ffe47e1d61fa9209ae8df729b56c7ae35549bd14332e6386b1e4e2edec1d48b55e0cede94927f589be95a2f46884ceb015cef34a1285c39fabe2a389d872a55
SSDEEP

3072:22Zh1+7AvfcdT/1tICYLrXM9/tPWCU/MzdDTdD:22Z3+0fq

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
1540	msedge.exe
1540	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe
1540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 1432	1540	msedge.exe	87
PID 1540 wrote to memory of 1432	1540	msedge.exe	87
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 456	1540	msedge.exe	89
PID 1540 wrote to memory of 224	1540	msedge.exe	90
PID 1540 wrote to memory of 224	1540	msedge.exe	90
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91
PID 1540 wrote to memory of 228	1540	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4c3146f8,0x7fff4c314708,0x7fff4c314718
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,3128814861019345418,4500135668816991270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,3128814861019345418,4500135668816991270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,3128814861019345418,4500135668816991270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3128814861019345418,4500135668816991270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3128814861019345418,4500135668816991270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3128814861019345418,4500135668816991270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3128814861019345418,4500135668816991270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3128814861019345418,4500135668816991270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3128814861019345418,4500135668816991270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,3128814861019345418,4500135668816991270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,3128814861019345418,4500135668816991270,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
258dbed2c324351e0142a1f1f2cd9e48

SHA1
fed5bc3216c776817dbd46c59a346acbef0a6d85

SHA256
358a0b7bac6efacc7d1b59a5be8ede4d665505dc5190b96f2fdad1b1ea7de335

SHA512
17c0975af423579c0036da6b85f1041e4980d8e5186101657c3667b493ffe38402e3c2a22a8768b8045b0a059955897705ea7c04b85629f153570e170b0ad5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
250c94244e3dd937107a49c69d047dc4

SHA1
ba0007070c485d37b445e0b0bc9591a2c1efa126

SHA256
17914dc008806689fab7a5dcaea315a69be9e163580fc1f69cbc3bbbe700e72a

SHA512
c9c3be63aff39bf07efd321b96bcc9ed8eaf28608df35b43d43fbee5b483ad331b81f323bed55ef7e5256da4e98d222cf60a81c76e0a8b80ef314398b4841ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0d02f9e52704a741bc36d2c7f16b35ab

SHA1
26c67c0e50064e6cdbdc6cd406344bd570f6f86f

SHA256
18914307fc0febb9a171437486f2ac465b7de990a37d43cd8794e3ceacfb6a78

SHA512
b08d834b9af7885f83137ebedab6028e0cab0bbb4181322157befb239270bfc3971e5fbbc42719446da2225fb5e2d15fdea99fde6b1b447ceeaf5555fc1a548c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95a1d4e577e469a43acb4d425bcb2ff3

SHA1
a497d8312dc86f2b1705c8f5b459645eb83cc9eb

SHA256
fcd89416af4ec41ba6ec8c405094a7e5f74b674658c78a01900eef66ab6a3fee

SHA512
638be8b7deef696944bc946750fc09eca25a9d9f174fb45da85d78406805b768d082a8ab6b6080f6b6301a34b9aabaf2dc78b569b6abcee4260fa7dd3d12ac76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
116e7f5fc52b6874545dedccba122e64

SHA1
4cf160be02d2168724c5543d6e51816f3c12511a

SHA256
5d75b1a4d822194fa1ac2e100b1a5e2ca5396d1ee7e4ddb5c4faa807607a1caa

SHA512
80ffaf1fc5b94aba215efbedfe0ac80ffa2fde7d9f332786c6dfeb87217eb55bc03471b72a358abc7cb5fe7ded09254ba9f051139d8622d8561743d5540108eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
66ba842564467e93f43371adebe99cd3

SHA1
be0cae4b511ecbe5d0191ec2bb01313f2bde999f

SHA256
4cff4ae3a026429cae7981f2457be5fa7a814e9c9a6594d4f563485c88a1d1cc

SHA512
9f7663107b7fd6c62e89705849389ae468d53a9f72c2ca5fbb47434021acff45429bd3a10d18d1449a4bebafde0006090e7aa6851aa786d9d9bf3b0c258ca894

Download Submit