Overview

overview

1

Static

static

1

sample.html

windows7-x64

1

sample.html

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/05/2024, 04:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample.html

  • Size

    218KB

  • MD5

    ae840ae005555141a899c19d96aabb5a

  • SHA1

    e58f31b9b8ffa78576a8d1a767105b0000c705be

  • SHA256

    15eca9fd0dc9f4e2003f2d2ed41a8c1646edf6de9f7e3e50bdef24caba4dbac7

  • SHA512

    c5fc424aba32da6fec97533992de9339f8857d6d05287c82fddf062d196e3c852e062c970616fcb90b44501e3a6a1b0cb5c232c92c60abb87c97b725cdbf5023

  • SSDEEP

    3072:SMVfbkf7WfyfkMY+BES09JXAnyrZalI+YQ:SMVf4fiqsMYod+X3oI+YQ

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1444
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa047246f8,0x7ffa04724708,0x7ffa04724718
      2⤵
        PID:1280
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,436961236137242135,16226249494261455132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        2⤵
          PID:3608
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,436961236137242135,16226249494261455132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1480
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,436961236137242135,16226249494261455132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
          2⤵
            PID:4284
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,436961236137242135,16226249494261455132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
            2⤵
              PID:2712
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,436961236137242135,16226249494261455132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
              2⤵
                PID:3640
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,436961236137242135,16226249494261455132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3080 /prefetch:2
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:5056
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:640
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:2512

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  f61fa5143fe872d1d8f1e9f8dc6544f9

                  SHA1

                  df44bab94d7388fb38c63085ec4db80cfc5eb009

                  SHA256

                  284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

                  SHA512

                  971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                  Filesize

                  152B

                  MD5

                  87f7abeb82600e1e640b843ad50fe0a1

                  SHA1

                  045bbada3f23fc59941bf7d0210fb160cb78ae87

                  SHA256

                  b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

                  SHA512

                  ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  8a716cf4d1dd38865eb375450e2ad3d5

                  SHA1

                  945b15c1a2f34944a619d252a8f9fe2f96b92f25

                  SHA256

                  7e266d08dabb35125b473ffc2de2da27a51ba54de113f7c5f11cd2424062d94d

                  SHA512

                  455016e87c9b4555ccd54b972a51dfc866728048d40e9ee1d21063a3e6260231c96758e58de8848db032a025b9171d57e2705b7a9ac02c8598ea16f27618d98b

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                  Filesize

                  6KB

                  MD5

                  d14ecb5527d6eb17de1c604ff101b861

                  SHA1

                  6878b9f13b8ae73bed36b8a2cd15ef1b9cc2526d

                  SHA256

                  d156562ea3a08fa520f45fd784893cf3385d976a58cbccacf3d538dc9832c339

                  SHA512

                  513099acc491d084481220a53e0072556722329668f4734be28935c3ac02ce2c5b9e227cac88accd5ec850703280779f133e622df116109bee68495a27ca9591

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                  Filesize

                  11KB

                  MD5

                  7e1f5a6ac204ee997e0f390ba0519b02

                  SHA1

                  b612dd8a44129311fa33ecb248a34b9fc7a0f24f

                  SHA256

                  7a4aa3c68f3a36435771cabae3557fe0fa619b304d66f2ecc4c61815d943d8fb

                  SHA512

                  78e2673473ecef16f86c3c47777a4220a97662eda20cc4755e3784cb54cd7592197b55dbabe0ffa33e65e6994f7f55104d417f59ca1e3d5682274d6ee650b614

                  Download Submit