f9f50f3be1b6fb706f196e1f00240030825ce1d2f68e7f51e131a33287bd7b75

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2024, 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de7201dfa162098e782d47085f317edd.html
Size

3.5MB
MD5

de7201dfa162098e782d47085f317edd
SHA1

c86183ed1bd5f59077e5812d58a7b81bcf095ac7
SHA256

f9f50f3be1b6fb706f196e1f00240030825ce1d2f68e7f51e131a33287bd7b75
SHA512

699191c78a230b91bcaa8113f08d93bfe421a64c0b272e22df9a91efd5e28e2020e4b62dfb7d97815b3089a025f07e2356b1ef47487e8658c3422a65d1569768
SSDEEP

12288:jLZhBE6ffVfitmg11tmg1P16bf7axluxOT6NAK:jvQjte4tT62K

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
824	identity_helper.exe
824	identity_helper.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 1632	4360	msedge.exe	87
PID 4360 wrote to memory of 1632	4360	msedge.exe	87
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 868	4360	msedge.exe	89
PID 4360 wrote to memory of 868	4360	msedge.exe	89
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de7201dfa162098e782d47085f317edd.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8784446f8,0x7ff878444708,0x7ff878444718
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
981B

MD5
e023b3043e32a3cd8fa460b26abdf364

SHA1
beeb114bad88032c6de7c87e7f6a3b68bb07a01a

SHA256
26b4bd5a14a70800982249375df785a3fc679027e0450b51d91cab4675ec6fa5

SHA512
164ab304f88fe63e8e486d746c6d9bde88641abc2d46499d1f21280be9e06ab30cf7498b1cb34fcd280241ce5da2be41f21b1ee27153f1597205e3a471654883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86fb50a8ae83300a4a960784619da391

SHA1
578bdeff6590fdbbb964dc3bf889d84b7f8c1931

SHA256
37db596eded751070a92ced8f1449e6d190e1c381926650c7d352f22326a6986

SHA512
40c79672cd65de709bef134451b234dbfff8bb54e6e16ee324beb7cb4f5b981f95dd4efb662c3e24388d27b431a88f373a210ff81962c688edf2588169c9049d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
440bcda68be7f40e37eacebddaf12da0

SHA1
64b36e92491a4339b3208f91a12b05957c0573ea

SHA256
15ba9ae444645353d6fc4a43463116584c86f4197ed130d051a730a42a96cbaa

SHA512
63b25087491025dcf4dbd05579a6fc11da058512393d9cae72aaee230670088ed34c5156952ddaf17111a2ec4e346924054fd15d42b9ce95d620b06bd8a8eb23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7f22d674e8129119cee420a42cbb99e8

SHA1
86975605d35189b0a283ccd976374552e541a4ac

SHA256
ba7f58c70cacd3b8d308cd21addd71fa0e344639094a4db2392ef8967f20e888

SHA512
ac6d31698d3469b9480da7c807cfaf72883dee21e37b1caeba6470e2691f1d83c602e12f5cc342a10b64116cb8bbae14724b5755d8eb5ae243fed065299dcaf5

Download Submit