b6872823ff60a777cc361e3b692ae05948700a224c1545994ee9e84f532d91fa

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 13:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cb836c99e1cb86ef17bf7a6b1cd1a206.html
Size

44KB
MD5

cb836c99e1cb86ef17bf7a6b1cd1a206
SHA1

903ea8a61e754a169e9c7012a52827a5184d6136
SHA256

b6872823ff60a777cc361e3b692ae05948700a224c1545994ee9e84f532d91fa
SHA512

e46cbec4f191a41756cd8215fa6553d88c98b5ea8c9022fea56d988e06da389fafc5420e6584757323bfec55bd150ee4e780309760e9601ed78a2888c405ac58
SSDEEP

768:mwS0l/sGVLsk8ejW4mTNn2oLEelgyvMAs/dkAk:mZJtFEelgyzl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4792	msedge.exe
4792	msedge.exe
2688	msedge.exe
2688	msedge.exe
4708	identity_helper.exe
4708	identity_helper.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 1896	2688	msedge.exe	89
PID 2688 wrote to memory of 1896	2688	msedge.exe	89
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 2544	2688	msedge.exe	90
PID 2688 wrote to memory of 4792	2688	msedge.exe	91
PID 2688 wrote to memory of 4792	2688	msedge.exe	91
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92
PID 2688 wrote to memory of 4460	2688	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cb836c99e1cb86ef17bf7a6b1cd1a206.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff858ea46f8,0x7ff858ea4708,0x7ff858ea4718
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6708011885844398603,2566522469599261703,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6708011885844398603,2566522469599261703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6708011885844398603,2566522469599261703,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6708011885844398603,2566522469599261703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6708011885844398603,2566522469599261703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6708011885844398603,2566522469599261703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6708011885844398603,2566522469599261703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6708011885844398603,2566522469599261703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6708011885844398603,2566522469599261703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6708011885844398603,2566522469599261703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6708011885844398603,2566522469599261703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6708011885844398603,2566522469599261703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6708011885844398603,2566522469599261703,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5660 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76b4a082cd24117ddd35df297f8e78e1

SHA1
a8d724f7ab341df500efb7394f7b59234175f58b

SHA256
c300f695fb5233b7e3c9e898b1540b567b1ec1f4bf8d3f391213f152714c8aca

SHA512
89412eb2d15e969ace1e90695659773abbb03c492bc8aafa0ed7c69b38aba5d80343b10415fb8ca8ecc22fb5652a968f191f3dc29f52ea6bb21de20de8a0249b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c144e453c9a420bd16bc86726c71a22

SHA1
4b1e90eef6159d434fcb5f7ed5374d3c282869c4

SHA256
9e672321955f0357c9cf2de243b87cd0275504b203fcd09330c5bd9fe55efacb

SHA512
6271a64b6615c328487ead4b8e018309b2d9048cab8eb865eaaaf884f0265239ea8bbfaa7340503f1e55ecd1ab9708920d10837a7921c594ad814ae1fc745418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
282e65a471f7d2d5bcc437c21d619f5c

SHA1
9d450d1980231b9f0abdc1e18b525cab3ea84f3d

SHA256
a1660cea1cfc20e6021aed7d61cac695ab848179528d76d5058de1a4d7e7d5c2

SHA512
54fb4124d141b89dcff9b42019bd9aa49b664e2bb950b827116f67e2b265f670f93a9dfb609971edec47f398e1e4d7c47b20fb59c3c470755acc4432411ad3a5

Download Submit