e7175fc17ae6b784f6e472963f0567f8c5691c48e666a0b8d11037b7efc38380

Analysis

max time kernel
109s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240508-es
resource tags

arch:x64arch:x86image:win10v2004-20240508-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
08/05/2024, 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

733.html
Size

36KB
MD5

66f1b583e1ff1069c267cba97132a0f3
SHA1

85f640d819392de92904ef586e84a8e04689779b
SHA256

e7175fc17ae6b784f6e472963f0567f8c5691c48e666a0b8d11037b7efc38380
SHA512

0f72bc2cc033c491eb558d16a62672b533a4c6952bd1143794c2ebcb072b4e7635a60d98d620ad8a7614fd0cdf6ce9c8687e0d17f194e682077291f290ee2932
SSDEEP

768:p9ljwNLV3H58GP2DTzTzTBT/TZT4TNToTJT9TXTeTGTuTv8TKT7T0T4TXjTaTCTU:nJoLVX58GPePX9LtkhEFZTC6awW/4Mjw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
848	msedge.exe
848	msedge.exe
3280	msedge.exe
3280	msedge.exe
4392	identity_helper.exe
4392	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3280 wrote to memory of 4796	3280	msedge.exe	80
PID 3280 wrote to memory of 4796	3280	msedge.exe	80
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 5112	3280	msedge.exe	82
PID 3280 wrote to memory of 848	3280	msedge.exe	83
PID 3280 wrote to memory of 848	3280	msedge.exe	83
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84
PID 3280 wrote to memory of 2016	3280	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\733.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff986be46f8,0x7ff986be4708,0x7ff986be4718
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5781614571877327962,15539420762636952352,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5781614571877327962,15539420762636952352,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5781614571877327962,15539420762636952352,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5781614571877327962,15539420762636952352,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5781614571877327962,15539420762636952352,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5781614571877327962,15539420762636952352,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5781614571877327962,15539420762636952352,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5781614571877327962,15539420762636952352,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5781614571877327962,15539420762636952352,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5781614571877327962,15539420762636952352,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5781614571877327962,15539420762636952352,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5781614571877327962,15539420762636952352,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5781614571877327962,15539420762636952352,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6ad22fc640a68afcc7a40014ca81f518

SHA1
61042e0a3d8c12afc7cdaf8831b5c5fc651b3abe

SHA256
bd2bd95848bbd01168439b6d40d2a35248ff20d287b4345efeb3a4ed964f6973

SHA512
9fc3b779f29d7c3923777d2122859cbf4e60169c4d1da2acdfcc8893d5fe0c5a7ebeedba37863904aae579b2db4f7b618ae13a6264d6165a63086d59c6bbb945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
512B

MD5
97b3bfde12cd808313e8ff722d42d359

SHA1
f37d847a1b6370cb7a30148b830272db7337c466

SHA256
2403ad4b1ce8ccdbfffb433d7d94339bf5352b7e67c15e7a7b8f3ff095cf9cfc

SHA512
3a59a900a13806ce3df5f5b0a32a7c9a4f098521bc02c84702860e49489e42135881c3b262895660fd366c3f390aacbe7886e69eb070918e64ebb815400cec47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6fdde971d509a1e919b28f9f310cded

SHA1
9910dba94f96aa2ec199eae49a8632382074fa0a

SHA256
b8a5a23c6b0db64973065e4a6132a8c0ad3e98867b884063b243a814628fb163

SHA512
791022f72d7c3d333d20b24f6cf4605cf27c02b56e4c573cbd697e3ddad0c2d35ba038ff035b672fe067108669fca2cfe138a84507743174b0bcccfd451389b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d203de7c0169a5d3110c9007b1652a05

SHA1
ea20dd61613c9eeda5be13149597af790235cae2

SHA256
9b6bca58cf4c27dadd0ae27f17b309587711ed0b0d93df89f2f6e80d17bdc47b

SHA512
a18c5ecd352bdfa1bdb414a884ec966974d4e915b3682eaee55905f896a5d021681cc660ee31955c48c217fa11d209c908816d1af4ca02b934320f573afbdd30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
697B

MD5
d627e0fbc7c41bcfbbc69656671801ba

SHA1
f944d317e77d48e32cd190bbaebe9535f3543163

SHA256
9dde8d59857f5285e5c9496644ed0366854069d3a5c693750b84273856b0ccd7

SHA512
82a6eb780f6312192bdb98785ba8d49ec03df3a199be8acfd7a46e0605690bb66df0e8fb80d56ad76a4a63644862c91dea7ed216de47b3de7fd8766f280b44b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d3cb.TMP

Filesize
203B

MD5
42c93d8a2d20001fb774d26c725a5eee

SHA1
4ebddd0243ef60fa368f7066c667dd31984f0e2a

SHA256
44b73f0a1a656d913b7f75195c121868f08fb06f58759a2050b1edff6e90ee16

SHA512
ac282b2a114ded4f6b06440a533932bbdcc24e5677d2f6f3edbf2229e93a1a8199257680156207431841fb7238495ed3b1c004f5e9e29782a8b1f3f66b24b6f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b8254e7bb6d101d73f6f30ba67f65671

SHA1
85421cdd3efe517df88ff8d76d14120aece0c1eb

SHA256
ffd0d2dee7ba391b4500fc73dcea294e6330d15b582a790255cfb533121bc13b

SHA512
0531e1ca865160f92cf205fbd209671477c0b30820de7939ab520d4fa22fc2b516d796e28d71a527c54aae3d8e56050684b4e8a6f7ae9696a63ca50f5a9ad1eb

Download Submit