Analysis
max time kernel: 145s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-05-2024 07:24
Static task: static1
Behavioral task: behavioral1
  Sample: sample.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: sample.html
  Resource: win10v2004-20240419-en
General
Target: sample.html
Size: 213KB
MD5: 7ee68d43045f2be150c182ac9452ebd5
SHA1: a6ee0cb7e3a882e2fa0a35499f27c811c372ba00
SHA256: 58b9391c7f4412e7773303743798f514d7ecc6f29dc35aa76d7b56641500ac6a
SHA512: ab8795d3087d700665bd2fd9c3a7c8604eee381d24322669802971ae050ab00c3dc72f97ab5a55a0da850ccb4b3cfcc7538f39b984542ae7c5ac95a51cffa3b8
SSDEEP: 3072:SWCFkjY8GQINxm2+5yfkMY+BES09JXAnyrZalI+YQ:SWCF6p+xOcsMYod+X3oI+YQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid  | Process
  2828 | msedge.exe (2 entries)
  1120 | msedge.exe (2 entries)
  4316 | msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid  | Process
  1120 | msedge.exe (2 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process
  1120 | msedge.exe (all 25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  1120 | msedge.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  The 64 events are repeats of the following four distinct rows:
  description                       | pid  | Process    | procid_target
  PID 1120 wrote to memory of 3064  | 1120 | msedge.exe | 84
  PID 1120 wrote to memory of 3280  | 1120 | msedge.exe | 85
  PID 1120 wrote to memory of 2828  | 1120 | msedge.exe | 86
  PID 1120 wrote to memory of 4748  | 1120 | msedge.exe | 87
Processes
(indentation shows process depth in the tree)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  PID: 1120
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9fd246f8,0x7ffd9fd24708,0x7ffd9fd24718
      PID: 3064

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11497042485642652039,2520302013090833330,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
      PID: 3280

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,11497042485642652039,2520302013090833330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
      PID: 2828
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,11497042485642652039,2520302013090833330,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
      PID: 4748

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11497042485642652039,2520302013090833330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
      PID: 4372

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,11497042485642652039,2520302013090833330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
      PID: 4360

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,11497042485642652039,2520302013090833330,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
      PID: 4316
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1552

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4844
Network
MITRE ATT&CK Enterprise v15
Downloads