bccea92012c0270e40eb01f11f21601cad43e6fb45da576d1e0378a54d1d6272

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 11:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e19182dd75b73f4147fbf79cca3b0eb5.html
Size

71KB
MD5

e19182dd75b73f4147fbf79cca3b0eb5
SHA1

475816ceaf263bae21d1781950d5275f9b591ff6
SHA256

bccea92012c0270e40eb01f11f21601cad43e6fb45da576d1e0378a54d1d6272
SHA512

e348f8306b17ecddf0c507c7d19e12350e9bd7482239415d39e68e35e90bacb8666f4702f07b414f2e866fa77d1334d0afbdc4fa36a30fbb4bf117d4478097fd
SSDEEP

1536:CabquklcMklc2klc7uG/bI+3zkcKklcPEijZeqhUEijZeqLyUf/DZvLa7mEgM7bc:tklcMklc2klc7uG/bI+3zkcKklcPEijy

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
488	msedge.exe
488	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe
488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 488 wrote to memory of 4076	488	msedge.exe	87
PID 488 wrote to memory of 4076	488	msedge.exe	87
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2444	488	msedge.exe	88
PID 488 wrote to memory of 2552	488	msedge.exe	89
PID 488 wrote to memory of 2552	488	msedge.exe	89
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90
PID 488 wrote to memory of 1124	488	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e19182dd75b73f4147fbf79cca3b0eb5.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec0d846f8,0x7ffec0d84708,0x7ffec0d84718
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,7605889662660938531,12968250482498590909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,7605889662660938531,12968250482498590909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,7605889662660938531,12968250482498590909,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7605889662660938531,12968250482498590909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,7605889662660938531,12968250482498590909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,7605889662660938531,12968250482498590909,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6b448c067ed24eb5de27a87da4d34eda

SHA1
727bb4258cb5c0e510f120394b21dc9665114da5

SHA256
7440d99bc65e9be3a76498f332d6661856144a68c0a3dcda5401871b1152dc37

SHA512
67417520fbf72aa80312f941e14099069730beeda5bb1fce92b4c3890f0fb0de70aade9757c177efe22eb0d85bedc68363ec77d6548981ebbd76e14ecdd8f267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95cc992e71406989eea7de5de6a62c2a

SHA1
df9fbc0727bb6516e159f989ea48c1f590ebfd5c

SHA256
a1a4934417b5becc81f5e12b82993adca8e3585c4c8f7c685c306e2dca2ff19d

SHA512
4f07072cc5d4afdb23b1307c97eba0111b2c973b6886ee6ffcda2e7fe888208ada165b340e2198e7cfd7d8c56f1fbd2962ddcbbe3b49c539edff458d43f08443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df5f666e8a1f5e64cebd6361d91175d5

SHA1
7ebdf5a1f045275634ee634458d3dc99d871ad98

SHA256
50bac150e3c531bde5e822aee625c17a2e5a83c7cb843560dadf4fbdc1ebdfbb

SHA512
113527351e513a7ca32dfbb5e2d8a1610e567cc3eb89d2920e2466687ddb7548a0a97eb8b458102d28b40833a32a631b6a0d9c049a71f6e81b301676435ae42e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ffa7417469b2d0570deec1fae40d16ec

SHA1
98f6c895509c31d82355059a8aa5258233ce255e

SHA256
3973f5eae77c7f86aa685d930755e50dddb58448eb6bf28c0d44f916a89249a9

SHA512
9a4ddd4274e148a46c063021bd3ee2236d78ac27dacf895d8e2787b54e261a9750b636abbb4c9f63460e6f7df4c1febae31261e32d9d3be491fc6e59f36b5fc2

Download Submit