6f8833c3d9df7bb029cae2b76859ddac41f1db67f3efdae8d35679d39b8b5e2b

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ccd4d6997d6c389bdab56f5f3fc97e93.html
Size

1.8MB
MD5

ccd4d6997d6c389bdab56f5f3fc97e93
SHA1

b3abe45924849ead84fd3f825f7be82b9f6f8ad8
SHA256

6f8833c3d9df7bb029cae2b76859ddac41f1db67f3efdae8d35679d39b8b5e2b
SHA512

1287cd22b2745ed36302a9efe6a4518e3ee16d029d4b0f0e3da8b6d7a2c1a278446bb805afc003443d15d64a82520e068bbed6c3361544f5a843ec3898ded243
SSDEEP

12288:jLZhBE6ffVfitmg11tmg1P16bf7axluxOT6Nlo:jvQjte4tT6fo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
684	msedge.exe
684	msedge.exe
3340	identity_helper.exe
3340	identity_helper.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 1136	684	msedge.exe	89
PID 684 wrote to memory of 1136	684	msedge.exe	89
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 3604	684	msedge.exe	90
PID 684 wrote to memory of 1672	684	msedge.exe	91
PID 684 wrote to memory of 1672	684	msedge.exe	91
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92
PID 684 wrote to memory of 2788	684	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ccd4d6997d6c389bdab56f5f3fc97e93.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8497b46f8,0x7ff8497b4708,0x7ff8497b4718
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1919810080303542341,12123599166844522899,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,1919810080303542341,12123599166844522899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,1919810080303542341,12123599166844522899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1919810080303542341,12123599166844522899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1919810080303542341,12123599166844522899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1919810080303542341,12123599166844522899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1919810080303542341,12123599166844522899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1919810080303542341,12123599166844522899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1919810080303542341,12123599166844522899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1919810080303542341,12123599166844522899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1919810080303542341,12123599166844522899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1919810080303542341,12123599166844522899,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
894B

MD5
06bb0ae9f1cfe82cf779a3cc6d3d65a0

SHA1
71b0108acb705e91f00c4e135f7617bc9d2d09fa

SHA256
336004496fbf06c66c861e392c942df319d966c7bc8193eb9452dcab31b29f73

SHA512
d8c6154e060ae33b05d6e1e754bf49caa2ad7ed0824aa3d8e2e4531887188a83d822e5c331f87426c0202a09a7fad7888ce38a4eb396252b03d932c66e0bb482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8517f53ee368547ea85548954151d421

SHA1
4a6f8b6e94e6895844d3b49df834ad3749553540

SHA256
1ca5f2a5335988af283e6a15b99b2096d92d5d27597d867601c7a24054b3f9f0

SHA512
356756d3e4fe81c782d7d788734d5dc674dc5e8bf7926ee14f000c1e851871cb239aef51bb1060584b194692b9a83f64bee0a23ad5a9cf8819016d0ff01565eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16d305eb037f1090569c41bbdf9f410d

SHA1
4ed95fcdc18c844f40d539fcafc5044a3743bee7

SHA256
0a2e0bb221e43dadf47f63cf88d6ee1d35e5f66042f9bb47faed2b793168fa21

SHA512
a7a0ca6dde2608cacc68ffd3897cfb4788dfbd59b7bc3b0997eac12eb71984b0640c437c75f34edbf606abfeb41e9bb16f642b5de43ab9e8f815118589de1b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a65382d2e48a0af1504840ef86e4ce50

SHA1
ac96960381dad43a0255985e047f12079eacb0d6

SHA256
ecfb0085e50c45136c765724942fdfb3952454f297a35cdfc69e0f55336e33e4

SHA512
e8d80ad18d8229fc53c649531b21bb75f98097cce8910fe805edab86be873c354cf9a3204dcb3719f222bf52aec36a22003465ca9b465ac038f50054ddcdbff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f4935e0228ded6f184f6a23081678b6

SHA1
5a74d308e0418cd8534804a36a2c26e01cb5ee16

SHA256
7ce4f3f5abf29db2394a472b0bbb46bf512513c0569f822e019d57313a54d774

SHA512
3abfb322ac34e5133b4ce7f65afb04478afc819283a16e1d2e648a1d48eb8ab59b4cbdb0817107f25c9fb74fc95675906ace1748cc458baf29cb5ba3c44e1716

Download Submit