73501bc6f54c1c74ef1049cd97bb261b9e1d4c2408d22aa362e0c7c58abc4eb7

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d39603be0c6e9ff2fe3dbe6094f293bf.html
Size

56KB
MD5

d39603be0c6e9ff2fe3dbe6094f293bf
SHA1

7eb5b160ba2f3d2eef7c5b4dfb8ee7a51cf4e1e8
SHA256

73501bc6f54c1c74ef1049cd97bb261b9e1d4c2408d22aa362e0c7c58abc4eb7
SHA512

e36ce4b870cbc6a7a1b5f9a5bb39b7497d8a5a16c55da3c659a8e297f04f892d34e47d2917097cd96861a2d7082c8c15a3c08cbf805901705db7c76a93390eb9
SSDEEP

768:zLspHvvCIooBwaL7vPoBuzcy/c2wRAOFN4z:zQHv7o+wanvPoBuzZcAOFG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
4472	msedge.exe
4472	msedge.exe
860	identity_helper.exe
860	identity_helper.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe
2484	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 5036	4472	msedge.exe	86
PID 4472 wrote to memory of 5036	4472	msedge.exe	86
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 4392	4472	msedge.exe	88
PID 4472 wrote to memory of 3936	4472	msedge.exe	89
PID 4472 wrote to memory of 3936	4472	msedge.exe	89
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90
PID 4472 wrote to memory of 636	4472	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d39603be0c6e9ff2fe3dbe6094f293bf.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbdb946f8,0x7ffbbdb94708,0x7ffbbdb94718
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,10434715005140786118,6572869217456675152,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,10434715005140786118,6572869217456675152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,10434715005140786118,6572869217456675152,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10434715005140786118,6572869217456675152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10434715005140786118,6572869217456675152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10434715005140786118,6572869217456675152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10434715005140786118,6572869217456675152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10434715005140786118,6572869217456675152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10434715005140786118,6572869217456675152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10434715005140786118,6572869217456675152,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10434715005140786118,6572869217456675152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10434715005140786118,6572869217456675152,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,10434715005140786118,6572869217456675152,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a9b40013a4deb01d120cf3d6c3cf9466

SHA1
5b2814df10163936e1792e33887219acfe8cfd19

SHA256
6597171ba038d9fb87b113a3ef07f09c751b7429313d2f0ea51e02c1230f822e

SHA512
cf4ba14f10bcfb4928738daf9c6800957c75a16cad46666afb28dcebbeb01336b6b3f9e33aafc518b968f8b80000eb10406f5cb77e7cd6f7d0e5f9d426fa926f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c75ac44ebfdd35a0854a3414efe620ae

SHA1
53e507d5f1f5937839658278a4acb5aa271f2600

SHA256
cb50144787fa63cb210a97fc36e7149ba55c446fc623df4e536b4a5ebfdd7bb9

SHA512
66227d17ca3186927a5849ac3d758434b7e35c47ce436fdff28a22892eea6f23219d68f8e090d04fa11d4162d5cf058826f4cfbcb4293ac058bdff1f715a3a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a82a0ccb5788902226f157b037675a8

SHA1
2ac6de5479c56b7a184aa1eb178622f38dac4a86

SHA256
f26ae13211f7f3d60a52871c019a30da541df5342d9d93d4ab38a099bdedc0c5

SHA512
c43fab814fa149d026bac5c7b24f6153ca02877e4cb0f57d7220eee3f47efd7dc762bdbc3772716f883deb67c9f9faea058c7f8b22ac6f6c7c15b2a026f9eadd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7f1410739c1a516b82187782ab65b1a

SHA1
b4e7c9d8504e3d0ea7229b31e7a380dd97c0657a

SHA256
095a04d96642d556d00a631054efb0db18e22c55e1599952a5b40ce5e071f077

SHA512
45c693f7bd3f4b142389b052cebbbf1695fc70e4cf97da7c8f2fb74fd71142062c578a2f679212ff67bd138eef2b90b0467849bccc4b40513cbc4b024de9968d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96f7328f9104b69cffb8a7a7c17ddea5

SHA1
105666d9df1944ebab7779ded2a896ba4128b033

SHA256
5dd0fe8be156174958a57fd029c335d0b58c93277b8e2ed9506b1291c0de7baa

SHA512
7865086e49bae36e0e0a5932e498aed7b5d277792dca8caf2bc69c2fc593e6d593add2b1ea8fa4f5eadd615e528bf7c847187e9500cc5edd96dfbcc0c567b211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a6e8f2115280d908cbc8780c988fb9eb

SHA1
09e98965e6a2fdf5b5377d500b536e3a78cc5f0e

SHA256
f6097a96b98c2df3153a4df02013288e45f49400a8c175ccb19a277cbdd34a0d

SHA512
407067c2be9c4ae8b60b28603ae3f56aa903d30ccf18c4eac94df5771b15a6c50a8f5f58447d5b5cfea159f4ae8bab4f7624cb61b566093a79be2f34e89b3369

Download Submit