0df02e5d48290aa34a36ba03324220a58e941e67bda0e7e13b8ff362595b0682

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbc6fdc41c41f03fa2125ae7a0db1495.html
Size

3KB
MD5

cbc6fdc41c41f03fa2125ae7a0db1495
SHA1

ca3a3fb812ddd54013b06fc5455677c5390fad2b
SHA256

0df02e5d48290aa34a36ba03324220a58e941e67bda0e7e13b8ff362595b0682
SHA512

186fff9e96bd3e2ebe6c08dcc838a1708ac498dc1b034bf0e48f32dff3e4e968224f86ec6d13f11db96fecb76b6f1f8297a300472f5c265a99ab816d7e61e698

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
3912	msedge.exe
3912	msedge.exe
4872	identity_helper.exe
4872	identity_helper.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 780	3912	msedge.exe	87
PID 3912 wrote to memory of 780	3912	msedge.exe	87
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 4548	3912	msedge.exe	88
PID 3912 wrote to memory of 928	3912	msedge.exe	89
PID 3912 wrote to memory of 928	3912	msedge.exe	89
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90
PID 3912 wrote to memory of 1736	3912	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cbc6fdc41c41f03fa2125ae7a0db1495.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9436246f8,0x7ff943624708,0x7ff943624718
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,6634130031924708528,17464455386383539185,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,6634130031924708528,17464455386383539185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,6634130031924708528,17464455386383539185,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6634130031924708528,17464455386383539185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6634130031924708528,17464455386383539185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6634130031924708528,17464455386383539185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,6634130031924708528,17464455386383539185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,6634130031924708528,17464455386383539185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6634130031924708528,17464455386383539185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6634130031924708528,17464455386383539185,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6634130031924708528,17464455386383539185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6634130031924708528,17464455386383539185,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,6634130031924708528,17464455386383539185,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\903c9c5a-e1f3-458a-8364-20c057e74961.tmp

Filesize
276B

MD5
63e94862b42530f86676ad4d8dad984d

SHA1
3fd2230f79711e641c7d8bc1fc8f6d671319aec8

SHA256
02bd271fbf1d8f8cfeb229ec24d7bfb1c261116853c2e66a3f5d0b3536f59a25

SHA512
8f57ba1d96f3a97a7867f7eb43efd22baea3a78766fd88e87affcbc1e2e1699de833cbe9d78d22fa784ebf9602bd2006ee315ea13aebbcb79b56ec137c7a5aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0dea43ca14d5851467d9ca6bd5d7da38

SHA1
798cacd1be30df4e8ea3f8df6187b1b23c7917b1

SHA256
a6c560fecf1fb20b4b91a64a3f79a93a4be057ab49df03ee1e2be96b51a9d72e

SHA512
4322890a9c70600de6c5f86688be3bd841545d4c6dd4484a17736240941c5b65306cd11ad56611df512a32fc7287c5bfbd877c5047e127fb24acf113e5c0fab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b080c69d88e5d84cc01c993f472ab9b

SHA1
dfa9d26d72045a0539363ed86c822c5dd6852db0

SHA256
9b8eced8f3617724537abada8aea30c8ca8824f44dcb556ed3f7f44c446b8085

SHA512
298736a2d66d88eb26f062004f6d8eb31168461d7ba7449ad35a3925529c8ba791bf544b32152e9b2f12d8741d8fa9738c4a44220a0e922acc2e282fc2b80033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
67fd2f5583e22f5d48ca17f5d5b707c6

SHA1
1c3e65ac6bbb539de407a7ce31d59df471a3b495

SHA256
7d983b7f26218bf941036c04b076fbbc9926f98830abc1f4243f1c2f875923a6

SHA512
f32adabd1005b723a0296f8ba401cfc760cbaa7d735b9190931428225ba66685e76bd5258eb7e6d73141f3318633a57422d9df7fe2b84b5661c713297dcb662c

Download Submit