6c597791aa46025541ba291c5df01a7b5828baba46359c0be58e6a5f7cea87d5

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

liba52_plugin.dll?id=8328c31dba7c71ee20ee32f1a735d639f9e43928.html
Size

6KB
MD5

19775519a7b5c3db5b1cb4b2e0602be8
SHA1

f31844d0df801223a22791ceed1183f3cab7394c
SHA256

6c597791aa46025541ba291c5df01a7b5828baba46359c0be58e6a5f7cea87d5
SHA512

3c55b819941e9063183bb46773ccd1f7e2de041396b0855eada952025c246764f414b3d9ba5599f191c0221f6541f7a8b49c420768fc87bce23f337f4a6b7f43
SSDEEP

192:ZViPMcMHy6qbDfuwFXaHGB/lo3NsVtPGVDUQE8uI:ZIPMcMHyp3Xf/yE8uI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 5032	2088	msedge.exe	86
PID 2088 wrote to memory of 5032	2088	msedge.exe	86
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 2648	2088	msedge.exe	89
PID 2088 wrote to memory of 4240	2088	msedge.exe	90
PID 2088 wrote to memory of 4240	2088	msedge.exe	90
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91
PID 2088 wrote to memory of 2688	2088	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\liba52_plugin.dll_id=8328c31dba7c71ee20ee32f1a735d639f9e43928.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbc4d46f8,0x7ffdbc4d4708,0x7ffdbc4d4718
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,279535625466129721,1967260504545916453,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,279535625466129721,1967260504545916453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,279535625466129721,1967260504545916453,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,279535625466129721,1967260504545916453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,279535625466129721,1967260504545916453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,279535625466129721,1967260504545916453,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
104aab1e178489256a1425b28119ec93

SHA1
0bcf8ad28df672c618cb832ba8de8f85bd858a6c

SHA256
b92c19f079ef5948cb58654ce76f582a480a82cddc5083764ed7f1eac27b8d01

SHA512
b4f930f87eb86497672f32eb7cc77548d8afb09ad9fdba0508f368d5710e3a75c44b1fd9f96c98c2f0bd08deb4afde28330b11cf23e456c92cc509d28677d2cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd987713f1052a48f901bd2e71b9b8f3

SHA1
a9ce2577540064a85012f50406aa82cf8a03a73a

SHA256
85e7258a3fc59c83223c23a209bcce11c6690696d3803736d3129ee9c88e8395

SHA512
86ddc87ab11509f97de7be011990b2b0700a01a423e88c04d6e3596e977b672e6ff8e49f401e15313bbaf967dd85a403dad79d82fad2d06b8e2b88315950d8cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
464cb2744a20df279678fe51db3bff10

SHA1
db256458fb9f960a413dc5642fa083a4c0462c6a

SHA256
4eb3cafc3eba48a07608b8d86767a67552d3cf44a16f3c1a3786fe9633bd3189

SHA512
cc1a6319784dded97dd095eff30a737161101cb91e5e20aa931df0e32d4a127722f5695f2e2a73960fa6c9ea18c7787c93e4b5fab19f36c205cf85c8710f72f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
715fe8e4c275e6083b6998cfb0960256

SHA1
604ba0c1039a2917123e7b1225960e5f2dfedb62

SHA256
af99fe8687fc39e7e86cf77263f3a2fbf9066a19344ee109752686f18c535ffd

SHA512
ada9285f6fe80355a2177489e090cf8a3a05c6fec252d79548596ec36d13dbe507e6c916e0584a24bd6627dfb786d7eae17c57dc1e71f67b1ff23d314823fb8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
88460ba989ba54789e428fb0d1cb9f17

SHA1
b4ef1411174aa40209f279ea35322c45bcf6d228

SHA256
e188cbc4ccadd88a271f20761ede1c949b1f54fc426d7f9c76b8ff36147cc5b4

SHA512
3854f36bdf0a3b4008e8ef09fb948178e67ce0a11bf145d64a88a42abda1047e0179d93e9b51e4cf89ba36130c6d6e42a781e15f7b00428f2657e53cca4638e6

Download Submit