5e860758316174cb44bdd2fea47d093516d6241cba49261537c5a93d94bb1a68

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2024, 15:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de5909691f6c5281b50f73893b5c7d49.html
Size

219KB
MD5

de5909691f6c5281b50f73893b5c7d49
SHA1

266722db3f78040a93971083e8e99e3b2e25af18
SHA256

5e860758316174cb44bdd2fea47d093516d6241cba49261537c5a93d94bb1a68
SHA512

e1be6967db05221c403f3f73f6de82cebb633c083bca22790d930260084ebd98d88a054f802244ddccf66c64a235a4015a9cc0a0dcc7df2e9d54bbfa19a9a667
SSDEEP

1536:+cHv7F+x1VB+/P3Ycyj5e/iDAL/Wzb+OCFwdkVzqbEo6zH5FiUBGS+rhQGgefE0E:+cHTcx1H49e6zYvMACRzvGILJb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1812	msedge.exe
1812	msedge.exe
1632	msedge.exe
1632	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 3924	1632	msedge.exe	88
PID 1632 wrote to memory of 3924	1632	msedge.exe	88
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 4600	1632	msedge.exe	89
PID 1632 wrote to memory of 1812	1632	msedge.exe	90
PID 1632 wrote to memory of 1812	1632	msedge.exe	90
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91
PID 1632 wrote to memory of 4528	1632	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de5909691f6c5281b50f73893b5c7d49.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff27d246f8,0x7fff27d24708,0x7fff27d24718
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,18070331474210741497,13946118921205765422,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,18070331474210741497,13946118921205765422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,18070331474210741497,13946118921205765422,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,18070331474210741497,13946118921205765422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,18070331474210741497,13946118921205765422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,18070331474210741497,13946118921205765422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,18070331474210741497,13946118921205765422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,18070331474210741497,13946118921205765422,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2e84dc9293b27e1886de59e8a4a983c3

SHA1
5e601b905c6daee28b460328af79f80cb916fcd8

SHA256
f00a0d653ff3d6e01c451211a0dd9d3c4b630b3652de59d0ac7717254c2b8443

SHA512
24532cbf427f3ebdf958cd8c4ebe9465edbf321eca515f41e5d578dbb1d76e4fbb98ff4bd7b765b413bdef10cb25efc4e6072be7cf7da08f1776cd0118c55c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4da148fc2532c715dd0901be9a18b5ce

SHA1
3c4c3623e7a22d9c1d93317ba700c414d66f9073

SHA256
505f9b97f49508ec562e92e38b8efba1b4b0c5468f32bd5c138b56e7eaf318de

SHA512
5169e9a88bfa79268b826f69de06edc9ea7d679397e5232f662a5c5c4bd5de3318eab571cef87f594eaebee4dc83c906ac076755605c38e1b2b941894d1c578b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbbf23d265b941b69be29aea8e58552a

SHA1
e87353276d0f42e106005b96dd738296e299c039

SHA256
b4f5bf01a225ea78477db0790c9af4b8b6b4cf2802d428163ab3756f5d72b720

SHA512
24e41e610736aa6edda617fb5d554516d84fe68b8d09250d932d37cb5e7524fc3773761a1ae06bb5875b3abf96c2ced3aefa3e9985be366d55945cbd0983e2a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0930d8c2e958fc28ef10f5661ba1da12

SHA1
3fff64df170e61a5d0eb0bd3fbec9a74c68a87ee

SHA256
9c9c13b03e0a06d19f29e8699d1ee5356a007bea27aa5a5612e3bde16834e56a

SHA512
f29b5c2fe7dc068a08fdf5a10f6586502ec6354a5f3542d7b9c9a499152022606beb98fc4ff3d1e0d51f28eeb9dc861e33a6e80c990c289789ec795672cabd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f5fcab0b0fbabfd37630ad84eaab291

SHA1
5af9859c055e19b848b5a938284dccb24cc21dbd

SHA256
57c7f773ce2b390583bd3f75316ac6f47a76431e1268f05f3a306d255c397d6c

SHA512
003646c079eaa2b10a17b902b3202fc2b4a4fb94a23982c58923d02d57670dd7e88ac595820e5eaba3d34893ce9f086212cedf01f44d1e136b5e27a60ad27dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9bdeb77e5fc94d949294dec722e2e71b

SHA1
6270aff1f197bbc5c27b859a79ee2eb9e6235377

SHA256
867f0aa9eec48681b0fed45b42581537e8abc134708251b9eb88c69d6befbd59

SHA512
8c2b2525a83a8bee6daf6b333e910b76275139af97dd1c30f6c0a535d99a0454c88e374fb2e6fa0bd23c90751e05776fd7741b646414bbd3ce1bb2c24b1a002e

Download Submit