7afa194fbf3525c33bb89412594710029d50e6e3e9991f4c9d6dd2c7de4e17c7

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2024 19:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4492f6a669755dc05823f6fed55c511.html
Size

46KB
MD5

d4492f6a669755dc05823f6fed55c511
SHA1

d233ff47f49f6f658443b6dce33b41881daa98f0
SHA256

7afa194fbf3525c33bb89412594710029d50e6e3e9991f4c9d6dd2c7de4e17c7
SHA512

091fcb13f4a29db53284afff88a22e512f927cd630a6f79b24505f3483f2962b71bd52e1f8697a7e1018f0f1dd7d70be6adc6764afcfbe3a722ae63960f7a685
SSDEEP

768:yhIRIOITIwIgIJKZgNDPIwIGI5IyJ7SGIRIOITIwIgIiKZgNDqIwIGI5IEJ7SO1C:cIRIOITIwIgIJKZgNDPIwIGI5IyJ7SGy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3240	msedge.exe
3240	msedge.exe
452	msedge.exe
452	msedge.exe
2136	identity_helper.exe
2136	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 1096	452	msedge.exe	87
PID 452 wrote to memory of 1096	452	msedge.exe	87
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3960	452	msedge.exe	88
PID 452 wrote to memory of 3240	452	msedge.exe	89
PID 452 wrote to memory of 3240	452	msedge.exe	89
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90
PID 452 wrote to memory of 3688	452	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d4492f6a669755dc05823f6fed55c511.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad6d046f8,0x7ffad6d04708,0x7ffad6d04718
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17526960191354868155,11843863284543809173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,17526960191354868155,11843863284543809173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,17526960191354868155,11843863284543809173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17526960191354868155,11843863284543809173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17526960191354868155,11843863284543809173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17526960191354868155,11843863284543809173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17526960191354868155,11843863284543809173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17526960191354868155,11843863284543809173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17526960191354868155,11843863284543809173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17526960191354868155,11843863284543809173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17526960191354868155,11843863284543809173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17526960191354868155,11843863284543809173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17526960191354868155,11843863284543809173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
308B

MD5
1e86a78a1bae81f2295adcb93decc6d2

SHA1
56130267e7743fb7101735274d5bde1b93c57fce

SHA256
b9af610225f97000c10e49d57a101f2568715408320de5dd4598dfc10b7d149f

SHA512
d288aa83cd70010e6aa4728efc413d9f54b1e15c473a92c2c918c40bc65aa3aeb72daa1b0295724f3330ee06bd51598d4167222130c6f7e1403de41131f8493d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a5e22d421a854236eefac3a72d71ca4

SHA1
dacaf9d5e57db8ca665a57011d7b66a5a472dde9

SHA256
b5622adac2e9a1c495ce2009fd8ec3c64acc9dd8580cc59aaff40acacc8b0c9c

SHA512
5ea8c023ee49436353515060b543097e56a8d383c70c4d6aa3550fe8ca390758bd6c1cba51f89ba1b1bcc4826cee2ca1ba1dc4a221a16ca22c8b069d05bdbeca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
acde312e2bc7e774bb643a56d67d92fa

SHA1
28bb7d29b5f786bcf416104fa3c978313c72aa0e

SHA256
1ad2f3c866a6128d1bcce9fa57b39226c1003e677b1cb10779d45812ae245ed5

SHA512
75ef68bf03576129f520d769d74042f02f1eca616ae313b5f79d106d66e4e4644a89c0213540067d5e5da4fce011799d17309f3eb88b5a4b86c44d23ef084298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb2368ece4649e804f1dfb790d5a2db0

SHA1
66884a72ee0856fc3ef3cc533b9a24e0093e79fe

SHA256
d32e57be651a5d4564c6819c2aef71a768df217ad9d5464b823109a88ba5b539

SHA512
1772b6215edb7169027281c3f8ff34d0f66c4d5689dba87a565bff4a8a9c5a9d73d1af287596ddfbaf25e5b72ee2830cb30f82870b74f2906e11b2053394b742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f20e61c4-6959-4a45-b20b-1b67a9e494ca.tmp

Filesize
6KB

MD5
11e88f1b244040ca986782e16d6797d7

SHA1
636a523353ff10d91a7b398480e5fdf37e2f581a

SHA256
0f6467755af7dc971a7698fa239bb5dca87bd5e8f06a6a00d56df30400f1f1db

SHA512
7284101e1e247e6bc7e5ef98f57251d7d970ece61d93d99cfaa6a3d2fcdc9127e8716b067c362e91e743a1f0fb8eaf2259137cff8a7ac3baf5011dec41b5f0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
471f228ddb0c5564df175bff9cb7c2a6

SHA1
bc62c973c6354e1470e4679f5e74a8d385ebb142

SHA256
cd00dd56da3d10a6a35671851c0d5f075cc607ae16b5342466884ea24f13fbb0

SHA512
664f3e8c3d75195e0bda949a22fb82575d6114c0ed6af7b52555727e4db93da552787e0dbf44239e105b8334b6d93a3aa3b4b3f3efdd8f7a66313d47a4fa2a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9b6485c94e80fcc1b7cd0cde329d9b00

SHA1
d898bdcea10316cd3bf56df1fb1aa7de1b8110ce

SHA256
bca30612fd959bcab860e7e3fe48b1cbc50f6ecac0ddac208e369272dea8e1b5

SHA512
328b8a9a251a33ba4b0fd1841ad4a5c6e7569b783fe8abc7612de66758d9970629258109281d77d351b856e2987f4d060ad5b4e968989e06f394e36190f00cc7

Download Submit