bcb6c6e9984859e1bd0070f9d62c46241e69a2118b951018e9d956938cb2bed9

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

213KB
MD5

46ea53eb20d8b5966096ae5982f742cc
SHA1

e330798edb8eba16f56e0faca10b60774d3e28c6
SHA256

ed83212af266ec65f5d6fe751a918326d4e7b9f6e20661dd42e0e2aaebe6bb5e
SHA512

de14ec986bb638da21603bc9b6a3f9f12f86c4e125524ed401b4f6d1eb23eccfc82f02d7cb4b8693b6fb469c015ea3c5278f24bb059da7ba9a403b158386474a
SSDEEP

3072:SmnyetJxmRfUyfkMY+BES09JXAnyrZalI+YQ:SmfiZsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3160	msedge.exe
3160	msedge.exe
208	msedge.exe
208	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
208	msedge.exe
208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe
208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 3240	208	msedge.exe	83
PID 208 wrote to memory of 3240	208	msedge.exe	83
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 2068	208	msedge.exe	84
PID 208 wrote to memory of 3160	208	msedge.exe	85
PID 208 wrote to memory of 3160	208	msedge.exe	85
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86
PID 208 wrote to memory of 2780	208	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3ad546f8,0x7ffa3ad54708,0x7ffa3ad54718
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10226513108576912756,6651889634476699086,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10226513108576912756,6651889634476699086,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10226513108576912756,6651889634476699086,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10226513108576912756,6651889634476699086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10226513108576912756,6651889634476699086,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10226513108576912756,6651889634476699086,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ddf6343cbfdd13d287eff35b7006304

SHA1
5cda96737c93ab2845c682b7cba181799d32d5a3

SHA256
2efd6293f7d9ec1a4fd5cdf0ff4ec7ab499e2ee03cb98cc49ec4ed40a83d5bff

SHA512
15539632ea4fc55e08edd618ef184cb7dce2131adc010329110d528bec0d5fb1b75eb429ddeade6c7e202f85fb4cb343364dc3f79474a1cb4078b51b78f975d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3d315b0248e78fc62c5cafe32d4e237

SHA1
2058721bb407bcdb1b8ffd5605239ca710b2a140

SHA256
78aebfe21e1d65b1a941db161de1149d233f90e4a1884add7db5ed63c1446bb0

SHA512
2e21b7369aaf541092c36ff9c929a1efb44a0d73eb063ca6095e2f198fed0151ae29255c64aebdf8a0a67b2325f9b656521b9e56a0179c2dd30ddee5dd5eb29f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4681309cb335edf352f36f672d6407ae

SHA1
1929797c2ed1253a2f2268effb94be7f1060b246

SHA256
f2599de0c9ac941527491b3b28775d17d0c2da0b94953dc21314e7075202bb67

SHA512
21f71a11c57ef940d6ffde477f5f05311790bb5b6f938804778a0d1eecfbab989544882b2802de50b992419df3c2a9406de86fb3546a1d78ba75d906e30b60ef

Download Submit