5617c2386d509e32e0a9ddb39e0a485934b35b8bcb0d7cde34f79c93cf519ebf

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

218KB
MD5

68af726c86ae27aef7713e1f3777fa12
SHA1

00a594613da25aebc0413064e9d9893031b2cbf7
SHA256

ddb1c3c1c609ea65df84ed760d2836a172f8a30c7706eb53d3d61e5e35ecb119
SHA512

88f0031533de9cca9c494d398223a073ff8df0b77118d9b79824e9564d12105bcdecebc92f632504831db243fce606b8b11e5ec0ca8c85b99e51b81d5136c7bb
SSDEEP

3072:SMmKWH8VcVyfkMY+BES09JXAnyrZalI+YQ:SMmVH86AsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
448	msedge.exe
448	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe
776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
448	msedge.exe
448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe
448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 4688	448	msedge.exe	82
PID 448 wrote to memory of 4688	448	msedge.exe	82
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 2276	448	msedge.exe	83
PID 448 wrote to memory of 1820	448	msedge.exe	84
PID 448 wrote to memory of 1820	448	msedge.exe	84
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85
PID 448 wrote to memory of 5472	448	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a0a546f8,0x7ff9a0a54708,0x7ff9a0a54718
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14563596899062768217,3108808658067142344,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14563596899062768217,3108808658067142344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,14563596899062768217,3108808658067142344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14563596899062768217,3108808658067142344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14563596899062768217,3108808658067142344,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14563596899062768217,3108808658067142344,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:68

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
15c4d08bfee463859d57d3160f348c30

SHA1
216b0af41c6e2c1c66ae362f5193beee3029bf03

SHA256
9c39f5d82adb2cbbd1c49a2e2bdcfcd8a36fb6818b9cd1f919edcfe31723ef81

SHA512
f8337a0895940434238e7a37e45fc0714ec46fd34ffe3a089965f8dceec850ec0767721db63df2a626ec7a38b21e3cf7f4e08d2da7998f0f6e308ca14bf5f6d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
345cc287688149751b604e66ea083aeb

SHA1
5037d08a67986882fbbd7213e09cc909ab182f06

SHA256
7b412a836f84fc5df7f5a937abf5ae80b93932380be26a6dafc1a22100e3e502

SHA512
7c6ccf013b2339b106f6b58a0c948839a9f065c4dd958c01746412de943bc9940438cd044c3164f9cf71c151693037a9b5fe0cd90fc4f012a70024b6357b3f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37dcbfc8286e3521bfa2af08715fc27b

SHA1
8d84d85c5c0c5ad252be3f6c2df2de492887c9b5

SHA256
0df0b9a5b009c9173d603b35af24e03e5660c5aeabd35d59b76443bca3145579

SHA512
24cb521370b75fce06e72b7d830d20b0df678627d8e3162c5093348776bd8699a83c5006cccf51ac95251d76b83a78535d1d208688e2940bb4250ce2610cb69f

Download Submit