Resubmissions
20-05-2024 15:56  240520-tdqwzsha3x  1
20-05-2024 15:56  240520-tdcz5aha2x  1
20-05-2024 15:55  240520-tcxm5sgh9s  1
20-05-2024 15:52  240520-tba3ragh3z  1

Analysis
max time kernel: 26s
max time network: 17s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-05-2024 15:56
Static task: static1
Behavioral task: behavioral1
  Sample: c7T33m3O.html
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: c7T33m3O.html
  Resource: win10v2004-20240508-en
General
Target: c7T33m3O.html
Size: 2KB
MD5: d8cff787a0fba5e2a3634dd14e6ace3f
SHA1: b65dc66ddb9ee42c8c2ec612d6e2f026956e6e93
SHA256: 93a9c55184cd518c7dcb34612569b798abaf509010c922c4f30309a1dd47b9f6
SHA512: 07c2781b895c5fdbf5e758df23c77ac2634f3bced9ebebd6de35d23c8e87bb4e46a20b98601537c0787edc1fac39146e1db4bb3148529940a47d053a69b2c3ea
Malware Config
Signatures
Enumerates system info in registry  (2 TTPs, 3 IoCs)
description         ioc                                                                    Process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses  (6 IoCs)
pid   Process
1196  msedge.exe
1196  msedge.exe
1056  msedge.exe
1056  msedge.exe
1748  identity_helper.exe
1748  identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary  (7 IoCs)
pid   Process
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe

Suspicious use of FindShellTrayWindow  (25 IoCs)
pid   Process
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe

Suspicious use of SendNotifyMessage  (24 IoCs)
pid   Process
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe
1056  msedge.exe

Suspicious use of WriteProcessMemory  (64 IoCs)
description                        pid   Process     procid_target
PID 1056 wrote to memory of 2024   1056  msedge.exe  82
PID 1056 wrote to memory of 2024   1056  msedge.exe  82
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 556    1056  msedge.exe  86
PID 1056 wrote to memory of 1196   1056  msedge.exe  87
PID 1056 wrote to memory of 1196   1056  msedge.exe  87
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
PID 1056 wrote to memory of 3824   1056  msedge.exe  88
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c7T33m3O.html
PID: 1056
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

    (child of 1056) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718
    PID: 2024

    (child of 1056) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,4123127734045853461,15860322892340033694,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    PID: 556

    (child of 1056) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,4123127734045853461,15860322892340033694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    PID: 1196
    - Suspicious behavior: EnumeratesProcesses

    (child of 1056) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,4123127734045853461,15860322892340033694,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
    PID: 3824

    (child of 1056) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4123127734045853461,15860322892340033694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
    PID: 4324

    (child of 1056) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4123127734045853461,15860322892340033694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
    PID: 508

    (child of 1056) C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,4123127734045853461,15860322892340033694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
    PID: 2272

    (child of 1056) C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,4123127734045853461,15860322892340033694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 /prefetch:8
    PID: 1748
    - Suspicious behavior: EnumeratesProcesses

    (child of 1056) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4123127734045853461,15860322892340033694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
    PID: 2760

    (child of 1056) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4123127734045853461,15860322892340033694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
    PID: 1592

    (child of 1056) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4123127734045853461,15860322892340033694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
    PID: 684

    (child of 1056) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4123127734045853461,15860322892340033694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    PID: 5072

    (child of 1056) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4123127734045853461,15860322892340033694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
    PID: 4520

C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1632

C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2712
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 4b4f91fa1b362ba5341ecb2836438dea
SHA1: 9561f5aabed742404d455da735259a2c6781fa07
SHA256: d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512: fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Filesize: 152B
MD5: eaa3db555ab5bc0cb364826204aad3f0
SHA1: a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256: ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512: e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 192B
MD5: 3d93080b0a5bd323074cbbcec44b990c
SHA1: 548dcc0322f32b3237ac155a08fe0b3482e8c25c
SHA256: 267bb53556a52957b3e14dda34d975fc8d2c100865e89f3066df19f5290cdda6
SHA512: 6f725d1d151476a93b1c567d4b8a6d50b48251e0c447615f8c171be9a70826af7908ffebf3cf36d5737a64d571ce91aabb67dca4135b945457902bf8defd9ea9

Filesize: 5KB
MD5: 6f6e1a92718d52b15756972894b6cff7
SHA1: d1a5dd6bcae05a1eb819937f7c5788be17bea884
SHA256: 06a1aaa308ebbc8c68090c00dacccecd2b3ad4143a890d53193bc03f1bf09af1
SHA512: ed642993814aa8e288662d8ba6bc237f0ae18b1c5a5970383131114e1fadcc8d8c1797e275d6aec9ecc62b88cf69ef01b1959035e3a3e92c7372d40076d8cee2

Filesize: 6KB
MD5: 00e7326d9282f7a981d8513d87dfce2e
SHA1: cd6e0432d99bf28e6f486b3de5207f088e117a2c
SHA256: 110010f10efee3ceb424ef1800b21916a863c8853a1a6ed615cd1c7747e659eb
SHA512: 306df8f941936a00bd68bb80ff7fbc194e10045450ad59c4c0d6c0afdd54409a9a6382ed5985fbf757c7b91a750a7bc81d914db11c032e3a76d0d1ac42105039

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 11KB
MD5: f91d4aa5406c6bf0930b36bcc1c04698
SHA1: 2b2a87843deb21b3b60a6e259d9a624654a42310
SHA256: 40c7505d8497f7caf04ddc898d69b6680776b3c79d0ae00d3dbbee096244a67a
SHA512: 04214d76403ad3514a6a6e0c5e06e31cb6ca387f9e7d2ae8a9cbe9540dbf2def9857165c196d8f2fdde5115d0b037b088da69a4ebf1987603988efec2682af13