Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/05/2024, 03:47
Static task: static1
Behavioral task: behavioral1
  Sample: sample.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: sample.html
  Resource: win10v2004-20240426-en
General
Target: sample.html
Size: 220KB
MD5: 2ff72fa0a7da52b01fc2c08ca5ae4105
SHA1: 66f5e670f0108a575e9811e269eb0905b86a262c
SHA256: 4ec17a0b58eec61d04ebc34f81170362c21d27c68a649b0e04ad4a80fcc5a7d2
SHA512: 13fce44e9decb7b64624e190247f1fa01ddbb585d3e1fa4c3f03a9931397e3d187499b8c3cd5e8a55ef93913942000e65ba12ddab536e8f2a15fd311eeb2869e
SSDEEP: 3072:SmyjVEy1E2DyZ/+TyfkMY+BES09JXAnyrZalI+YQ:SmyLWPsMYod+X3oI+YQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        | ioc                                                                     | Process
Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      | msedge.exe
Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   | msedge.exe
Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    | msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid  | Process
3824 | msedge.exe (2 entries)
2340 | msedge.exe (2 entries)
4672 | msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid  | Process
2340 | msedge.exe (2 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid  | Process
2340 | msedge.exe (all 25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid  | Process
2340 | msedge.exe (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description                       | pid  | Process    | procid_target
PID 2340 wrote to memory of 4408  | 2340 | msedge.exe | 83
PID 2340 wrote to memory of 4972  | 2340 | msedge.exe | 84
PID 2340 wrote to memory of 3824  | 2340 | msedge.exe | 85
PID 2340 wrote to memory of 840   | 2340 | msedge.exe | 86
(The 64 entries repeat these four source/target pairs; every write originates from the browser process PID 2340 and targets its own child processes.)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
  PID: 2340
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe8ad46f8,0x7fffe8ad4708,0x7fffe8ad4718
      PID: 4408
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16559155935084885781,2015393934217097195,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
      PID: 4972
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,16559155935084885781,2015393934217097195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
      PID: 3824
      - Suspicious behavior: EnumeratesProcesses
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,16559155935084885781,2015393934217097195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
      PID: 840
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16559155935084885781,2015393934217097195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      PID: 4708
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16559155935084885781,2015393934217097195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      PID: 4344
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16559155935084885781,2015393934217097195,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2672 /prefetch:2
      PID: 4672
      - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3492
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4000
Network
MITRE ATT&CK Enterprise v15
Downloads