0fe5e736ef5c10f39acd3d2423d4b8d57ce07310ccc29831c80129d59b7452f0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

218KB
MD5

f90efbc2e4f3042725079af9fd68db85
SHA1

9a69c124a77993185b16fa2686aec15f844f6603
SHA256

cce9eb9d69147672e515a1f5f3c12dd2e5e3340dd75a4977d0dad79bd539194e
SHA512

3875d4b6e5824ee37268b346408dab6ed175b75b365718654ada2b5378611caaa823b440ae849c0b3dfa9ea99291308a565e7fc392bc916ea24e8cd15c09e94c
SSDEEP

3072:SbhN8pByrvxVyfkMY+BES09JXAnyrZalI+YQ:SX8rytAsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
528	msedge.exe
528	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
528	msedge.exe
528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 528 wrote to memory of 1336	528	msedge.exe	83
PID 528 wrote to memory of 1336	528	msedge.exe	83
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 4536	528	msedge.exe	84
PID 528 wrote to memory of 2160	528	msedge.exe	85
PID 528 wrote to memory of 2160	528	msedge.exe	85
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86
PID 528 wrote to memory of 2164	528	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf95b46f8,0x7ffdf95b4708,0x7ffdf95b4718
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17463806538650104306,10923096157458157599,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17463806538650104306,10923096157458157599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17463806538650104306,10923096157458157599,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17463806538650104306,10923096157458157599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17463806538650104306,10923096157458157599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17463806538650104306,10923096157458157599,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\15dd280c-cfa9-48af-9222-2ed96526e2cf.tmp

Filesize
6KB

MD5
8f7f117e619ddb82238b40d07742e436

SHA1
7edc472bb54547acd116653ede5736020bfe3984

SHA256
f0b716a0e8f17ae5ed9e55cbbca248dfdaeddf8ba28fd88886c6844e7982d85d

SHA512
4f4a7d835d2ffb145e2c296ca635b47b072f6498b9aae15bb3a1b3486d8dca65cec46ae86d513b5d7fccf0c3035ebfc54d7f72a6a7ef8c502b850fc87818eb63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a17bdb2f4da8299baff6573838131d31

SHA1
715bf645cf7525aca0869965c5791f48653d4bc6

SHA256
056c9f6eb151a38ac077883f8ea28366e7faf9af8f774bcc6d388cc59aa57748

SHA512
d22d4592bf501ff9facbeeabba23a7918abde21138a457b91a5b5137dd9cea819bbbde1196931dd89dfd4bb2b7df554a34512549ef31a4f9b89d36e772b27b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c15602dc4ed149348bce3dd8b4524b5f

SHA1
d21931befeeac4260e75d20f97243214fe901408

SHA256
db5256efe79c4aeae3ba5be8350f06dab3b35dcd539c5574c6b1b0ca527b983e

SHA512
866cf6e8653b452a2e780431078f63f028156f5c593df317a152e0f39c18f83c6a4627b49d588903f6ae0bdbde971a376801461b46277a2ca453c9de7fe0da52

Download Submit