7e8ae3dc0cf753bc7ed9e7270b8d1749c143f8bbaf0c5b3dc765317facf19e29

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

218KB
MD5

36a1ee4066968203fbe8c596855c6ce8
SHA1

18a95959fa237d5a795cf09b9f15ee684fd18f55
SHA256

aa0d1cfc22accb892a8f42d6883d5d631b4b56e4a262cc6fabb164a054325a3c
SHA512

6ee6d738b3914d7a45ff074e6207032a001a244a976a6c04d5a6e883c0ad441f9686ce7aa3bd260cd8310fa7341bb5cf4a19566fb7c2a9bb811ed0ce0596ef20
SSDEEP

3072:SMMYuF3GIYyfkMY+BES09JXAnyrZalI+YQ:SDY63dVsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
4808	msedge.exe
4808	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 1588	4808	msedge.exe	83
PID 4808 wrote to memory of 1588	4808	msedge.exe	83
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4484	4808	msedge.exe	84
PID 4808 wrote to memory of 4600	4808	msedge.exe	85
PID 4808 wrote to memory of 4600	4808	msedge.exe	85
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86
PID 4808 wrote to memory of 472	4808	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c0e46f8,0x7ffa5c0e4708,0x7ffa5c0e4718
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16852027473210660569,2831337715761341223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,16852027473210660569,2831337715761341223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,16852027473210660569,2831337715761341223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16852027473210660569,2831337715761341223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16852027473210660569,2831337715761341223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16852027473210660569,2831337715761341223,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a93091f70fe27415da7e369b5e39d0fa

SHA1
9d7406c28845e76adacd6ca42ca8a9318be6b9a7

SHA256
e51b5ae7e78258ccf66b7f9bbcdb9ac6ee6695cdd13375d650f3c451ca727e13

SHA512
58fc0b8edaa626232a59d3fa1ccef168d0a808bcf0e614f62bc95783c34c1cf32aa5ded9846e28ef13de4d03727671b84fc79e16e5c7c8543f461ced4591b7f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7cd3d762d58e5827fa9422039b457069

SHA1
0ed2d8d78ad6adc1917c1008f5e7133dfb862b76

SHA256
a304a13a0428462ec83f5eed57f2a9019aaebd354d8c30e7f3d5c82581fcab8c

SHA512
68f58c1e321ac6f1b528326ca4626e8167a4f2bfb82665bd3b4a6682ec487e6bb2f58cc7f1483435c4f38097506186d01c86f54d70eacfd77143078df194c0de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
21247a3b996ba302ef1c0cf7e13f9188

SHA1
a7ad1a7d58ca64f5b6955cd01cd490ff676be689

SHA256
78002696133f98d6308bae7cd125321fa43e5e2911b8127c334b8cff27991f61

SHA512
54bdd4b6e25c19bf9ec4110e44c87f406b5fd279056f3e7a063cc0f53dc1b40b6f3c3d9dba9826b9abd59f8ed37b67d5caa70ffe629aed3640bc246d66cccf96

Download Submit