Analysis
-
max time kernel
145s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
16-03-2024 00:12
General
-
Target
cc9c881039149d30d8cd942e2db4b77d.html
-
Size
432B
-
MD5
cc9c881039149d30d8cd942e2db4b77d
-
SHA1
d409ca709dab40ce1fd2a9804e87ebd249290200
-
SHA256
adf384a8da43cdf58ccee679c6aa40b9a8b10f14a378a86923eefec991b5ae86
-
SHA512
9ff73b7af97e08a47f693a0966a0a0b8cd99dc3285d190ffedf345a05f6b6fba00dd5caf2d56c2b564c25703613fe8ab0537e7d2de08a014eaa17a08f4c5fce3
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cc9c881039149d30d8cd942e2db4b77d.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce5c646f8,0x7ffce5c64708,0x7ffce5c647182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5268693448648147515,3697667018981517177,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5028 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59ffb5f81e8eccd0963c46cbfea1abc20
SHA1a02a610afd3543de215565bc488a4343bb5c1a59
SHA2563a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc
SHA5122d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597
-
Filesize
152B
MD5e1b45169ebca0dceadb0f45697799d62
SHA1803604277318898e6f5c6fb92270ca83b5609cd5
SHA2564c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60
SHA512357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e
-
Filesize
6KB
MD5f6c6fd5e1c16b27f694666b4cfb829d1
SHA1a6662553c7959606a162c8d10c7da74a7ff963c3
SHA256b37c7d4c6249ee0ee1d92c5e02dba821d4a4176a998fe2a71c99106d57a30709
SHA51289282e12fe4d384ec9e55bee1e745881891faaf121a5af76d36d2c24b36c44b2b355efb1ba1a2c237ac59fb8cf8b6088f46535db247233e2889376e44fda38c3
-
Filesize
552B
MD5d015fa8128c045452689e8c0bb617258
SHA146c2b38106221d4d1e00e83c19e864ebf168e1a5
SHA256ed9561453a95c34886822349a6fa3a3d437ff196988647517129d1b151e87e95
SHA512f1069637293246d150e4929e612c2bc251f6237f139dc1e2894b4d89380e2b76d3f88babd6a5dd615831c2839c67081c95158a8499e57c090f2ad3526e677503
-
Filesize
528B
MD58d26126fe21407aa9f26f3269a10a981
SHA1c994397cd3d199097ed603c588bd665f590ceac3
SHA2561d3b45ca6863b40e5547c366777773b87ef45a99738cc519895e35e70a8a0fb7
SHA512b3495680d440bccdd460bbbf12d918ce24786531faee3ab55259be58bdbc6ab316b191c5a0be4f594ec05d887f3ef337eaab21b7494f079e91a454eea8afb1cd
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
1KB
MD5ef44d359baee54c11495c075a4c977a8
SHA11d36cd990cc31c394e9895b3c8af79884dc54ea9
SHA256e8d876b75aa2b6800835360459b8bb227418322c955f96024f409f16ba20978a
SHA51268293760f5a3b9eba188069dea62b437cd1f0b351877fdabc6532a29f699d8148fa85a7ed99721fe2670199ff5d80d86423c5a633ec545ae09b36eecb422208d
-
Filesize
8KB
MD57b093444ffc9ae739007a59f5be88c8e
SHA1c557ba4949e8718f8f7109e3db6de7eb0340de90
SHA256b9238c4edb439fec9b14c71901e3b5b127c2e996ca5f1aade16631aa1e8b72f8
SHA512f265a0fc6d3f6487264d46381ed7dbd236f902ae1547daa4943929ad156ff410406f91c84fe60ef8c07d10485d9045a21890429275cd067014444ce89ea1a4a4
-
Filesize
7KB
MD59f7cda0afceafeb0b9f33b3ac0442ee9
SHA19cb8631f763b4396a2544ce01a8b3d4bdfc1d6b0
SHA256f20edc072a0f1fcef1791cdfda21c0b380721fa6eb56628c41ce57b02753c108
SHA5124afeddcb7241667c39f34792218b34464af2a3fba62d3a95a463570d31520f47d67b0d4d25d77f6889fcd1872e1a9ecac19225c5d43b5158e48b27054345d676
-
Filesize
72B
MD5f6b7b10cab61d0fb3994f0a377d05cad
SHA1af0809ee45928cfe60a31b711462022b0195a4c0
SHA2567021135fe38ec09ef9d05779b0a1a56f329241ebbd69cc33e93c83ee789b850f
SHA5122e3423359144c4d3e825431380414cf296e82ae2c67f75299505eb60ec86a91bbc65ffd21f2a308d24e2a12d99e1662c3bf249a80a9a59808727e14b61cdd292
-
Filesize
48B
MD51e1b65261509717ae8c8717025af712f
SHA1db175ec439cda3075f1be1215cf974ed2b8aeb8b
SHA25677d5477c97cf871792717a04a8385bf33956797987fbcc32a32b1a75a9676b04
SHA5123030e78485922d5eddca9d114b27ed5d5533d249596cf75d9c3c11e352cefc502d242c82dbf4b6906b1300f7cf7e199a84034be10bedf4d423518f13f233a0a1
-
Filesize
2KB
MD5fcb8635225f3c81dc4d840ae0c577622
SHA146f153caf37b7416aaa83d421d3e10d66f0aa6aa
SHA2569a1f103bfc189591401a2c025c491f8959d758b8cdbe2e6892a9c0fd079e9d84
SHA512d9d14497838ba8ede4daee6bd6c9bf3e78a399b8f39e8be3aa4bdc6046819c2d8624801e436b57430509b669a31c67c65a67b26a2e70b997dec86b1df9ae9d4e
-
Filesize
1KB
MD50ab4533cc4fb172216ec961146ce83ab
SHA182bc6114ce66f4e51e7f23d81ab1a6cf8ef1926a
SHA25653cbea602116525f2dfdf2d98782a6cffd50e2a9fca6f47b345dabdff2685622
SHA5126008f339c5d2881e14fe8363059c3fff9711dfbf8013589678c574d3ca75be4c6c3e9276fd26ca46908a091728768b2ee47d6e4d3f31df497814df9ade79ca18
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5ca0297fd5ec8e2503ece09444c34183f
SHA1f47c23e06ead5170e75b6782ede53ff1e201540e
SHA256c6bde69b6779e22c02f98ad086b7177ceafcf7749a061a1e9de224647df37b32
SHA512078e6ec79fa84b18d210987bac2b04fcc59a8e77cbff17794709c38414b72f7fd652db44c7459c9d08b4a57aed7d889d504eb8d6cfff1353768af23e1485cda3
-
Filesize
11KB
MD5c6adee8f0894c2765fa2786952f37625
SHA14e8d0e382719c639bf93ebdab0178951d869b0f3
SHA2568e517496b33e7a9a3c70b5cc3dd7737f0a617e876efd6c36f260bc9e8bcac680
SHA5128452eb4e2ff26035e3c2c22a96022c2b76836a8e6cb7d4bf015b52f8bc4ad6f5645c783d4efdc65355a89976bc7b62653b3d26508eb52bf3b60eedf64be0ef02