30b7e6d60a595381e6c3fb034ecd1124d5c544106b7383af78c93389a45cd8c8

Analysis

max time kernel
160s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vehicles/valkf/brakeglow/brakeglow_valk_fl.html
Size

2KB
MD5

1ddff95e8c21fa4e7a11df3ac1a24bca
SHA1

b6881e238fdbdea5813be6b0e4e5a720b120c029
SHA256

115b2d5ed9d35bf2229a4d387f09a31a1c3ec2bc112fec37b957470d0feadbb1
SHA512

6d11eeba3bcca34201e8d6fe6cb3ecb3fc6322505da1c844926fb5471dbb4559ed9fe3b7f439dae32e1f5fa4aa9b05858cc703f8213d44638ee89d717c32953e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
5096	msedge.exe
5096	msedge.exe
4984	identity_helper.exe
4984	identity_helper.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 4920	5096	msedge.exe	88
PID 5096 wrote to memory of 4920	5096	msedge.exe	88
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 3820	5096	msedge.exe	89
PID 5096 wrote to memory of 4292	5096	msedge.exe	90
PID 5096 wrote to memory of 4292	5096	msedge.exe	90
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93
PID 5096 wrote to memory of 1780	5096	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\vehicles\valkf\brakeglow\brakeglow_valk_fl.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa57246f8,0x7ffaa5724708,0x7ffaa5724718
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10871186217651571675,13431856810199492076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10871186217651571675,13431856810199492076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,10871186217651571675,13431856810199492076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10871186217651571675,13431856810199492076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10871186217651571675,13431856810199492076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10871186217651571675,13431856810199492076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,10871186217651571675,13431856810199492076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10871186217651571675,13431856810199492076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10871186217651571675,13431856810199492076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10871186217651571675,13431856810199492076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,10871186217651571675,13431856810199492076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10871186217651571675,13431856810199492076,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2f0c76aa-dd03-4fcd-93e5-9d86173bde7c.tmp

Filesize
10KB

MD5
0f0ce98d8bf2fdbdc17759c5578f8e87

SHA1
42b7a0990ee49e5a77ab11fe412f1c6004a2d743

SHA256
217c040424b6aa9b8562f0ed1587179786a2f293c1e031d0a7397bbf4fcf64f2

SHA512
6c208b2011213f72e869ca3266ee7de233a3f9ea3cbc4efafc9bc60d2b3e3cd093dc62cbd30e28fe7d574456c5c1c90d3e325f8143f8b8a57d4bb19f53ef23f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8adaa1dbb28c8d43415173bca28ce9ff

SHA1
95b49e552582d7da0790a1e1fca4532edee27ccc

SHA256
527e2ed913b757859d70cbb4b0fd134312f86d869feae2c9a0497bc6b74cb07f

SHA512
6762d811e7619a7aea147b83f20055371990e6e3c35b83bde7c6864c7343b6a6639918481a8f7aeee69cf5637c4af50ae09c68a63001e157e9d0e70fa2371aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4727d8c193197dd8d0056052bf267138

SHA1
55716f58f782227259bac4005eeb01c4294cc958

SHA256
d9f62521fecea80c575f23ac878e67444638589aacd6e7338c15a40de218311c

SHA512
e2e2ed9f277acd580d732776e94a86a90409dea60bafcbad922971479ea14c3377e148b5b98c0910a40c1cac88702cdba2a88bbb4c760f0f88e319ab535cdbad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b999da72fa32897287929da4ac02f8b8

SHA1
d4a23af372ca06f9990a000563bd59915ea91e16

SHA256
09028158441ce8fc786b9e1a9e85ad4dbbe582a99010ec02c67422516ac6c8e1

SHA512
a9049b5fabec094891e9b1c100949f541792fb9aafbd3f2d55a9c168ecd346263233df52b8c0055b1f70b94da940baafc733de7ef0c20954428fd84ea4730c5c

Download Submit