9b3dd91c8c9d6f404f20fc6c527e44dc987c54d94d2f679b2a1a13d23513d3c5

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 07:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

218KB
MD5

551c64d92cf6feb09a92b119483146af
SHA1

900e57c743805b95f3020a68773a536d0a203dca
SHA256

9b3590968d7f6b1725be7a183b604f146dc35ea8994c32247063771a997c3140
SHA512

a7b0177e0254fdbb28c5bc1cd6b0da69058c3e9d05dc7dcf3fece5bab5851b0bca2e2a359708bf5bd703733528c61661d0529c1d5f7e925dd14df6990e85f27f
SSDEEP

3072:SfO6HUsjPXtpyBWArOqeXyfkMY+BES09JXAnyrZalI+YQ:Sm+U61pyBWArOFisMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
100	msedge.exe
100	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
100	msedge.exe
100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe
100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 100 wrote to memory of 1284	100	msedge.exe	83
PID 100 wrote to memory of 1284	100	msedge.exe	83
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4668	100	msedge.exe	84
PID 100 wrote to memory of 4676	100	msedge.exe	85
PID 100 wrote to memory of 4676	100	msedge.exe	85
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86
PID 100 wrote to memory of 920	100	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee5d646f8,0x7ffee5d64708,0x7ffee5d64718
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16750526651485765182,5538563342987269221,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,16750526651485765182,5538563342987269221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,16750526651485765182,5538563342987269221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16750526651485765182,5538563342987269221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16750526651485765182,5538563342987269221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16750526651485765182,5538563342987269221,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6abe8e194fbb0b830fdb8964e55a147b

SHA1
df0ef72e2a95e8ce97a4c5c9ace7da784892abea

SHA256
52e60306a81d739dec9806b3ce3fb50d78e18f8352c69ea19bca76a603ba1cc1

SHA512
f22e15992e5513fbc106e9f64018fc6530ce276d2d99279dd95d56123255732019d34402ba2556aa70ddca2ca44c3f4c2757789b8efec3345e8cbdd94d0a6503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0bb141c70d6e00c4d4abb7bf83af7f0

SHA1
c321f62308b110802fca5e356d1374b883c0f7a6

SHA256
4c4f6965e83d98057b170630010d5665ae752518dfd07e260eecc38d57133a29

SHA512
6e44b21ec0268fe2395c38eb406c6ec8b2a2b03605f0908983ef2e626d649797015057a1bb005e88dcfae32afa4bed6980c432b20f71790bfdc55d7ec9c2eae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f2b16b718119539d8fd618d6efba3b46

SHA1
2a7fe791835c8ebd71ac766491a2b7cd3067794f

SHA256
3285a61ddbaa82cfebcf2a4b0a6ea856ba0b9d189776c9489c7b19bd17c7aa47

SHA512
ad465c265361e3de9f8fbfcdc210e59b83684e6a27f5f141b7bb2af359c464facc59ddb2d8b130212009fb02ef727b24b4d16aed14349dce6ca03343c8e421f9

Download Submit