82b47daab63a93f9e73c18c6630893e6c8ff797297b2b4368da15a10524fdd26

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 13:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

6c5186faed099e418691e9566e5df4df
SHA1

7f418d5f63a0484855f6231904c38b37990d8d23
SHA256

4f6a48ee65950380bd3a0450cda5e519254379870c4f560e3ca3318fc90b8194
SHA512

cf565b538af616ed572e2febcd205f87ea7c4482206ed77075dd0e2ae94ca199343f2ff5da39487f8995b390c83172d1ee13e06a4c7598a0a1a0514b13ece7ad
SSDEEP

3072:SsuHoi/t3nxyfkMY+BES09JXAnyrZalI+YQ:Ss8Z0sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 2268	1544	msedge.exe	83
PID 1544 wrote to memory of 2268	1544	msedge.exe	83
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 5008	1544	msedge.exe	84
PID 1544 wrote to memory of 2816	1544	msedge.exe	85
PID 1544 wrote to memory of 2816	1544	msedge.exe	85
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86
PID 1544 wrote to memory of 1644	1544	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88c1446f8,0x7ff88c144708,0x7ff88c144718
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,1470983353814671808,10238019821710254535,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,1470983353814671808,10238019821710254535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,1470983353814671808,10238019821710254535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1470983353814671808,10238019821710254535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1470983353814671808,10238019821710254535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,1470983353814671808,10238019821710254535,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1384 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4d58af21db8261bc39d467b3ede3c47d

SHA1
10659afceaecdbd7c74e84b1935b2c94e83f243f

SHA256
9e246d456c6cceb5be640a36266ccf98975913e0471477bcc7f06832cebfb055

SHA512
b6a4dfe70b2256bd7251c7139df71617ee91ce81f4177a5811c691212d36687b60fd7abe0981ff7ec39664db09142e43e27fea99631bfaab676656943bca20a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
782fcfd31a3f3a37940a8aae4ada4efe

SHA1
13bd5238f81929ba910858c841b82275e9d0ad5d

SHA256
6c0c1761155b53e756b086be226dffbda32e689b6f78b2d2aa3c17bed37592c5

SHA512
73b74f4f411f422e49f122b952c3ab405447fb1c1cf62aeaa5560b3c2826ed4270478c1b00d3181e27ceaeaafa4abe589defefaa46c44f7df2a461b67f3e5462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f80bd545539021613666dc128f4749b6

SHA1
ed166c03b24f35d60cc8827ea3c391136c3dfe6c

SHA256
c170e931f1554b29c4325f67274166e583291f7553b9f149567458804e847dc9

SHA512
ccd3e0cc4bd8b3960152b0f43b81e210438217a5bf2ac29d06b0d4db8f80c9241d7197955362cefb4f876753f0a7665fa7647dbaaac53f4a4b64eb0b5a063c28

Download Submit