2579ee428a7da453c21b2a3d6fe6c6685c33dec36f464d278b0e566ea949610c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2024, 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d7bb1c6024925001b55cb7bd920c7773.html
Size

15KB
MD5

d7bb1c6024925001b55cb7bd920c7773
SHA1

98b7c983a825b5f7c32e575abdb3e41371533d97
SHA256

2579ee428a7da453c21b2a3d6fe6c6685c33dec36f464d278b0e566ea949610c
SHA512

ceff61d9e086589287237fa88c25ee19bfed2ff104b58335592e095a2a87bd2b1e17ceec94c95a9c5a148d79c6201e392e4dc00f8c537ab65abd5fe855fc0c16
SSDEEP

384:SI2wQE4CseMZ5D3K5k3wkeIKns1Yl5vG/lDf+R/wliEkEAk5bXOGwUZ:SIM5D3K5k3wkeIKns1S5O/lDf+VwliET

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
2452	msedge.exe
2452	msedge.exe
5172	msedge.exe
5172	msedge.exe
5172	msedge.exe
5172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 5624	2452	msedge.exe	89
PID 2452 wrote to memory of 5624	2452	msedge.exe	89
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 3044	2452	msedge.exe	90
PID 2452 wrote to memory of 4676	2452	msedge.exe	91
PID 2452 wrote to memory of 4676	2452	msedge.exe	91
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92
PID 2452 wrote to memory of 1864	2452	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d7bb1c6024925001b55cb7bd920c7773.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe08dc46f8,0x7ffe08dc4708,0x7ffe08dc4718
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,18085800397126186841,11996173830282844000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,18085800397126186841,11996173830282844000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,18085800397126186841,11996173830282844000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18085800397126186841,11996173830282844000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,18085800397126186841,11996173830282844000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,18085800397126186841,11996173830282844000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
266B

MD5
89b056240af807a1278d46f325dc5f62

SHA1
1e66dd4c9e030c5d2c23047a085822a372f17887

SHA256
f5f9f29fbb067a58ba60bebb0f36a61c535a234e45ff52f47f192d2836bac9f7

SHA512
109696dba2069f9b711948a93ebb6be8ee851336b14512c613196ca495158e8e53c3ad9bbc07aed6ea037b432f1101492a0e3c761d658f78e6e04d87b2715044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b8cc685e420926bf4b3a84ba9c2f107

SHA1
3958af1025bbe9cdbf1c494fca6b96d9dcd485cf

SHA256
99dcf2b5a208c2a2e0cb57777d3ffd3e9129c374600d85da70d2bac6e84890f0

SHA512
268b551c9c8055176dcf255ba4016069f91cd59401dc30746265bf9be448c13ce62af94db51517387c012e44eab891ae3ac4446233b516b0e8dcdc6fbb7a453b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d5598ce89c4c1a491c818b70cbc5c5f

SHA1
df650b507e601eb259767f085636343a85ce1974

SHA256
2ff3cf53c222ade4cd93f76ad0a6a4566d1b9660d5f08fcd2b8fe5f9c116f272

SHA512
a8b5322981ea48314fec5338eaf5e1e81142cfaae98ea34b1965de5ac521a54b7dbe1b0f6d931b998fae3f0baa335fa2188b8e86295a5d3c7951f577e38af3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
925611970ec42562daa5a6c3c46d197b

SHA1
2fbae3da6e09904f3517a2ea86fc8cc7476285fa

SHA256
0aa9ee418efe473a4d6d153bb50e4ca12d07ba7b004036e88bb73983a6eae332

SHA512
f57d8c71487a02cac0f4fb295e68e43b61dc0f92a4e0009a549f2b0201201f0320eae8435c439f3a72f7b473e950c267bc656e290f1241b37233ed996f8eea3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5421d2cac9f40d02f2cb8eac1ab36033

SHA1
6d253b4a1812ea47abe79a11194e65d9fc003ebe

SHA256
b4c74c60d688b6a9bafd309a9f2a5d4ee9af616e779628ef28aececeeb884ef5

SHA512
02f815f25918fb7fb5d0f4db5c8e185e1f3c35d58f4aba0e65c17698668a77643aeca3903cf0ebae13af40f830f2123b88b7cd3de6b1390594ece19e62c355ed

Download Submit